Discover and read the best of Twitter Threads about #CTI

Most recents (9)

🧵New #CTI assessment based on OSINT research:

🔎ScatteredSpider/0ktapus is a BlackCat (ALPHV) affiliate, but doesn't deploy ransomware

- Based on some temporal, technical, and behavioral analysis

Follow me 🐇🕳 (1/6)
9 Feb 23, Reddit faced a 'highly-targeted phishing attack' & had docs and source code stolen

TTPs are very similar to ScatteredSpider/0ktapus campaigns:
- a landing page impersonating its intranet site
- stolen employees' credentials and 2FA codes… (2/6)
22 May 23, Trend Micro revealed that a BlackCat affiliate used an identical Microsoft-signed POORTRY sample (909f3fc221acbe999483c87d9ead024a) used by UNC3944 (ScatteredSpider/0ktapus), which Trend says they have used since February 2023 (3/6)
Read 6 tweets
🧵#MustangPanda 🐼 (& other #APT groups) use DLL side-loading/search-order hijacking (see ATT&CK).

It's a pain for #CTI analysts who manually vet IOCs -> as this TTP involves delivering a valid vulnerable application, Bring-Your-Own-Vulnerable-App (BYOVA), if you will... 1/3
For example, take this Symantec.exe binary, it's a valid, signed file 🔍 but it's used by #MustangPanda 🐼 for dll side-loading!

Should you pre-emptively block it? Maybe. But first, be sure to check 📝 for its presence in the org -> before causing lots of alerts or worse ⚠️ 2/3 ImageImage
OR you should give warnings ⚠️ before sharing these BYOVA bins as IOCs!

🥲The CTI analyst struggle to vet IOCs is real... but this may help!

I created a Gist & VT Collection for triage:


2. 🔗…

Hopefully this is useful! 2/2
Read 3 tweets
STOP what you're doing and START watching this interview from 2001 with Charlotte Thomson Iserbyt (#CTI). She cannot be controlled or cancelled. She #AWAKENED in 1975 and her book on #education is a MUST. Would love to have met her. 🧵
"Textbook called 'World of Mankind': teacher takes the 1st grade through town and asks them to identify big houses & little houses. What do you think they eat in the big house, what do they eat in the little house? To create class system class warfare"
"The United States Dept. of Education does fund the National Education Association. So this has been going on for a long, long time." -#CTI
Read 30 tweets
Análisis del #PPEF2023 para #ciencia, #tecnología e #innovación 📊

Para #CTI se asignan $108,487 mdp en recursos fiscales ($89,281 mdp constantes 2020), un 16% más respecto a 2022 en términos nominales

¿Pero cuánto es en términos reales?

Hilo… 🧶👇🏽 @CienciaPluralMx
En recursos fiscales, el aumento en términos reales es del 10.5% respecto a 2022, el mayor para #ciencia y #tecnología en el sexenio de #AMLO

Sin embargo, el aumento se concentra prácticamente en un solo ramo de la política de #CTI

Y no es en el Ramo 38: @Conacyt_MX
Con un aumento de 579% respecto a 2022, la @SENER_mx es la gran ganadora en el #PPEF2023 para #CTI con una asignación de $8,183 mdp

Le sigue @SRE_mx con un aumento del 120%, y quien más pierde es el @ISSSTE_mx con -37% respecto a 2022 (en términos reales)
Read 14 tweets
I just published a blog post on breaking into the #cti field, understanding the interview process for CTI roles, some words of wisdom, and a listing of about 25 #cyberthreatintelligence-centric questions to help aspirant analysts prepare for what they can expect during the
interview process.… Hat tip to
@Lawsecnet and @threathuntergrl for feedback and peer review prior to publication.

I wrote this in direct response to feedback from the SANS webinar we hosted last week, "Intelligently Developing a Cyber Threat Analyst
Workforce", and feedback from the Twitter community. A big things to @SANSInstitute, @sansforensics, and team for setting up the webinar and to @klrgrz, Mark Plemmons, and Shanyn Ronis for participating on the
Read 4 tweets
I promised to drop bombs of #DailyOSINT tips, tools and tricks when I return so here is the first one (more to come).

Read on and I PROMISE you will find some #OSINT gems here!

Thread 🧵 (1/n)
[#DailyOSINT - Day#268] Wanna learn some cyber threat intelligence #CTI stuff? Sapienza University has an upcoming free course… #OSINT (2/n)
[#DailyOSINT - Day#269] Interested in fighting disinformation? Every Friday from 10:00-10:20, Media City Bergen presents a new talk in the series: 20 minutes on fighting disinformation. It's free to participate.… #OSINT (3/n)
Read 9 tweets
Análisis del #PPEF2022 para #ciencia, #tecnología e #innovación 📊

Con $93,544 mdp en recursos fiscales ($62,370 mdp constantes 2013), el presupuesto 2022 es el mayor para ciencia y tecnología en los últimos 6 años

Pero dista mucho del periodo 2014-2016 en #CTI 📉

Hilo… 👇🏽 Image
En términos reales, el presupuesto asignado a #ciencia #tecnología e #innovación es 4% mayor respecto al 2021, revirtiendo la caída presupuestal de -1.6% en 2021 Image
90% del presupuesto en #CTI se concentra en 4 ramos: educación, salud, agricultura y @Conacyt_MX

La inversión para el sector educativo (universidades y educación superior) ha crecido 80% respecto a 2015, mientras que #agricultura y el #CONACyT han tenido una evidente reducción Image
Read 17 tweets
#ATENCIÓN | Golpe estructural a redes criminales responsables de enviar cocaína desde el Caribe colombiano. Fiscalía y @ArmadaColombia capturaron a 13 presuntos integrantes de organización señalada de sacar el estupefaciente entre buques de carga hacia Centroamérica y Europa.
Fiscal Barbosa y comandante de la Fuerza Naval del Caribe, contralmirante Juan Ricardo Rozo Obregón, desde las 5 a.m., dirigieron y siguieron con detalle la ejecución de la operación estructural contra la red narcotraficante, señalada como una de las aliadas del Clan del Golfo.
El #CTI y @ArmadaColombia, en trabajo articulado y de manera simultánea, realizaron las capturas en diligencias realizadas en Cartagena, Barranquilla y Santa Marta. Fueron incautadas 2 armas de fuego, documentos y otros elementos de vital importancia para avance de indagaciones.
Read 7 tweets
Teaching @sansforensics Threat Intelligence at #SANSFire this week. At first break, I had a chance to talk to students. The number of orgs with threat intelligence "programs" where program requirements are a complete unknown is always astounding to me. 1/n
If you don't know your #CTI requirements, you can't possibly build a good program. You may think you know the "requirements" but at the end of the day, those are determined by stakeholders (e.g. the "customer" aka whoever is in charge of funding the program). 2/n
If you aren't focusing on their concerns, you don't have an intelligence program. At best, you have some analysts wagging the dog with some analysis of potentially irrelevant (to the organization) intelligence information. It's not a professional operation, it's amateur hour. 3/n
Read 6 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!