[cyberdefense-advisory-board] New to this list - introduction

c-APT-ure toms.security.stuff at gmail.com
Sat Mar 31 00:15:33 UTC 2012


Hi list,

I've been (more or less active) on the sans-advisory-board and GPWN lists
and just now searched and found these interesting lists as well.
(PS: I can currently only read DFIR archives, not cyberdefense and
intrusions -- why?)

I hold a GCIH and GWAPT and work on GXPN right now.
http://www.giac.org/certified-professional/tom-ueltschi/119356

I started blogging about APT about two years ago (nothing new or original
though) and just recently also put some posts up about my ponmocup malware /
botnet research.
http://c-apt-ure.blogspot.com/

A few months ago I started using Twitter and quickly got addicted to it
(getting the most up-to-date news of my interest).
https://twitter.com/c_APT_ure

My favorite original tweets: (there should be a better way for this, right?)
http://twitter.com/BestOf_cAPTure/favorites

Others' favorite tweets from me:
http://favstar.fm/users/c_APT_ure

Some followers even find my tweets useful ;-)
http://www.digital4rensics.com/blog/2012/02/thanks-for-sharing/
http://www.digital4rensics.com/blog/2012/02/thanks-for-sharing-indicators/

Very recently I started a Google group called "Fighting Advanced Cyber
Threats" to discuss some topics that interest me, but maybe one (or
several) of the SANS lists would actually be better for this.
https://groups.google.com/forum/?hl=en&fromgroups#!forum/fighting-advanced-cyber-threats

Here is a list of papers and resources that I recently found: (still not
finished reading all)
(disclaimer: I'm not affiliated with any of these companies -- though maybe
I'd like to)

Mandiant's M-Trends 2012 and Verizon's DBIR
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
http://www.mandiant.com/news_events/forms/m-trends_tech2012

http://www.commandfive.com/research.html
http://www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf
http://www.commandfive.com/papers/C5_APT_ADecadeInReview.pdf

https://securosis.com/research/research-reports
Applied Network Security Analysis: Moving from Data to Information
<https://securosis.com/research/applied-network-security-analysis-moving-from-data-to-information>
Fact-Based Network Security: Metrics and the Pursuit of Prioritization
<https://securosis.com/Research/Publication/fact-based-network-security-metrics-and-the-pursuit-of-prioritization>
https://securosis.com/blog/new-white-paper-network-based-malware-detectionfiling-the-gaps-of-av

http://www.uscc.gov/RFP/2012/USCC%20Report_Chinese_CapabilitiesforComputer_NetworkOperationsandCyberEspionage.pdf
http://www.uscc.gov/hearings/2012hearings/written_testimonies/12_3_26/bejtlich.pdf

In conclusion I would like to agree with Richard Bejtlich's statements in
his testimony:

It's all about sharing threat intelligence (among trusted parties -- for
APT's) and the question "are you compromised" (... yet, or you just don't
know it)

That's about it for now.

I hope you like some of the listed resources and share yours as well :-)

Regards,
Tom Ueltschi
