Resources, tools and utilities about Threat Intelligence
The ACH template is an Excel sheet that implements the scoring and weighting methodology of the Analysis of Competing Hypotheses (ACH), more specifically the Weighted Inconsistency Counting algorithm. You can read more about the method, and see a practical use case (WannaCry attribution), in the two SANS ISC diaries below:
- https://isc.sans.edu/forums/diary/Analysis+of+Competing+Hypotheses+ACH+part+1/22460/
- https://isc.sans.edu/forums/diary/Analysis+of+Competing+Hypotheses+WCry+and+Lazarus+ACH+part+2/22470/
I have also made a shared Google Spreadsheet version of it, feel free to copy it and use it in your analyses: https://docs.google.com/spreadsheets/d/1oKYQtVnro3IfNswnj-A5_diwkLcQq0y2VzuCnEKvZdE/edit?usp=sharing
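To make the scoring in the template concrete, here is an added Python example (not the spreadsheet's own formulas) of Weighted Inconsistency Counting over an ACH matrix. The consistency scale (CC, C, N, I, II, NA) and the credibility/relevance grades (Low/Medium/High) follow the ACH method; the numeric weight table, the "I = 1, II = 2" inconsistency values and the hypotheses/evidence labels are assumptions constructed for the illustration, not a real attribution case.

```python
"""Weighted Inconsistency Counting for an ACH matrix (added example).

Rows are evidence items, columns are hypotheses. Each cell holds a
consistency rating; each evidence row carries a credibility and a
relevance grade. A hypothesis is never "proved": the score only
accumulates evidence that is inconsistent with it, and the hypothesis
with the least weighted inconsistency is the one that survives.
"""
from dataclasses import dataclass
from typing import Dict, List

# Inconsistency counted per cell. Only "I" (inconsistent) and "II"
# (very inconsistent) count; consistent, neutral and not-applicable
# cells contribute nothing to the score.
INCONSISTENCY: Dict[str, float] = {
    "CC": 0.0, "C": 0.0, "N": 0.0, "NA": 0.0, "I": 1.0, "II": 2.0,
}

# ASSUMED weight table for credibility and relevance. The method only
# requires that higher grades weigh more; these exact numbers are an
# illustration, not necessarily the ones used in the spreadsheet.
WEIGHT: Dict[str, float] = {"Low": 1.0, "Medium": 2.0, "High": 3.0}


@dataclass
class Evidence:
    label: str
    credibility: str
    relevance: str
    ratings: Dict[str, str]  # hypothesis -> rating (CC, C, N, I, II, NA)

    def weight(self) -> float:
        """Evidence weight = credibility weight x relevance weight."""
        return WEIGHT[self.credibility] * WEIGHT[self.relevance]

    def is_diagnostic(self) -> bool:
        """Evidence rated identically against every hypothesis cannot
        discriminate between them and should not drive the conclusion."""
        return len(set(self.ratings.values())) > 1


def validate(hypotheses: List[str], evidence: List[Evidence]) -> None:
    """Reject ratings or grades outside the scale before scoring."""
    for e in evidence:
        if e.credibility not in WEIGHT or e.relevance not in WEIGHT:
            raise ValueError(f"{e.label}: unknown credibility/relevance grade")
        for h in hypotheses:
            rating = e.ratings.get(h, "NA")
            if rating not in INCONSISTENCY:
                raise ValueError(f"{e.label}/{h}: unknown rating {rating!r}")


def weighted_inconsistency(hypotheses: List[str],
                           evidence: List[Evidence]) -> Dict[str, float]:
    """Score each hypothesis: minus the weighted sum of its inconsistencies.
    0.0 means no evidence argues against it; more negative is worse."""
    validate(hypotheses, evidence)
    scores = {h: 0.0 for h in hypotheses}
    for e in evidence:
        w = e.weight()
        for h in hypotheses:
            scores[h] -= INCONSISTENCY[e.ratings.get(h, "NA")] * w
    return scores


def rank(scores: Dict[str, float]) -> List[str]:
    """Least inconsistent hypothesis first (score closest to zero)."""
    return sorted(scores, key=lambda h: scores[h], reverse=True)


def non_diagnostic(evidence: List[Evidence]) -> List[str]:
    """Labels of evidence that does not separate any of the hypotheses."""
    return [e.label for e in evidence if not e.is_diagnostic()]


# Constructed sample matrix: placeholder hypotheses and evidence only.
HYPOTHESES = ["H1", "H2", "H3"]
EVIDENCE = [
    Evidence("E1", "High", "High", {"H1": "C", "H2": "I", "H3": "II"}),
    Evidence("E2", "Medium", "Medium", {"H1": "I", "H2": "C", "H3": "C"}),
    Evidence("E3", "Low", "High", {"H1": "N", "H2": "N", "H3": "N"}),
    Evidence("E4", "Medium", "Low", {"H1": "N", "H2": "II", "H3": "I"}),
]

if __name__ == "__main__":
    scores = weighted_inconsistency(HYPOTHESES, EVIDENCE)
    for h in rank(scores):
        print(f"{h}: {scores[h]:+.1f}")
    print("non-diagnostic evidence:", non_diagnostic(EVIDENCE))
```

Two points the template makes easy to forget are visible here: consistent evidence never raises a hypothesis, it only fails to lower it, and a row rated the same across every column (E3 above) carries weight but no diagnostic value, so it should be pruned or re-examined rather than left to pad the matrix.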
The Threat Intelligence reading list started as a way to keep track of and share a list of (mainly) books related to Threat Intelligence (mostly "cyber", but definitely not only), on topics ranging from methodology, tradecraft, the history of classical Intelligence, Structured Analytic Techniques (SAT) and Critical Thinking, Geopolitics/International Relations, etc., to more technical resources (books, papers and reports) on "Cyber" TI.
Feel free to add feedback/reviews on books in the list you have read and, of course, please suggest new ones via comment or directly to me (here on GitHub or via Twitter @pstirparo). Please keep in mind that the list is strictly related to the field of Threat Intelligence (which is more than just "cyber" :) ), not classical Security/DFIR. The list is shared as a Google Spreadsheet: https://docs.google.com/spreadsheets/d/1zbneQKybdsxnOHxsl9B4wNGkSYKHbOTfNGW26hP4TJA/edit?usp=sharing
You can find the slides from the presentation "Your Requirements Are Not My Requirements", which I gave at the FIRST CTI Symposium in 2019 and at ENISA CTI 2020, on what Intelligence Requirements are and how to develop them.
- Slidedeck file: 201903-FIRST_CTI_Symp-Stirparo-CTI_Requirements.pdf
- Accompanying blog post on SANS ISC: https://isc.sans.edu/diary/Defining+Threat+Intelligence+Requirements/21519