Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Casey Brooks Profile picture
Casey Brooks
@DrunkBinary
Senior Adversary Hunter @dragosinc, Army Veteran, Cocktail Scientist, APT Researcher | Opinions are my own and not the views of my employer.
Dec 7, 2019 10 tweets 4 min read
#FridayNightIntel
Building a Taxonomy
So, in threat intelligence, incident response, forensics, and REM, an analyst typically deals with a lot of data points. Organizing or 'bucketing' these data points into a manner coherent and usable to the analyst is an important step. #FridayNightIntel
There are multiple ways to bucket data as an analyst. Whether utilizing @MITREattack, a Cyber Kill Chain, or the Diamond Model of Intrusion Analysis, every piece of data can be bucketed into a coherent and usable manner by an analyst.
Dec 1, 2019 6 tweets 2 min read
Cyber Threat Intelligence is far more than ingesting IoCs into your SIEM. It takes an application of analyzed threat surfaces against the threat landscape compared to defensive measures to inform decision makers of risk acceptance for secure courses of action of the network. In laymen's terms (*cough* in management speak *cough*), an adversary targeting X company employs Y capability, that accomplices Z action. We can take A defensive action to prevent B from occuring provided we make C change or patch D infrastructure.