Chapter 2 Exploring Cybersecurity Threats
2. Threat Data and Intelligence
2.1. Threat Intelligence

Transcript
OK, so let's talk a little bit about threat intelligence. So if you get into cybersecurity, threat intelligence will become a lot of what you interact with to determine if something really happened. So threat intelligence, let's talk about what's called open source intelligence, or OSINT. OSINT. That is O S I N T.

So basically that is websites that you can go to that are open to the public, and you can research whether it be a blacklisted IP address, whether a file is known to have a virus, a website is known to have a virus, just different things like that. But these are all open source, which means they're free to be used. The information is free. There's lots of them. So it's basically publicly available sources that provide the information so that you know whether something is bad or not.

When I was an analyst, I used open source intelligence both when I worked for an in-house cybersecurity team and when I worked on a managed services team where we provided security to lots of people. Both used open source intelligence.
So let's talk about vulnerability databases. So those are databases. They are an essential part of threat intelligence. They are reports of vulnerabilities that will help direct an organization with its defense. So we talked about a zero-day attack, when somebody attacks you with something brand new, so that's a vulnerability that's never been seen, never been heard of, boom, while a vulnerability database keeps track of all the known ones. And not only that, but it also tells you, you know, the best way to defeat them, what software they came in, what weakness they are, et cetera, et cetera.
And then indicators of compromise, IOCs. These are telltale signs of an attack that's taking place and may include file signatures, log patterns, and other evidence left behind by the attackers. IOCs may also be found in file or code repositories that offer the intelligence information.

So IOCs are basically a pattern that the bad guys have used before, and when you see it, you know it. So, like, if somebody has gone to a particular website in the past and it's been bad, it'll tell you why. And then if it's malware coming from that site, when the malware is used on yours, you'll see indications of that. You might see that IP address, so you might run that IP address through a database and find out it's bad.

But you can look for indicators of compromise, like with internal actors. A common one is if somebody works 9:00 to 5:00 and all of a sudden they're back in at 10:00, 11:00 at night doing some, quote unquote, work, that may be an indicator of compromise as well. But you're looking for patterns.
In that instance, there are file and code repositories that are online that you can check code against. So there's one called VirusTotal where you can upload a file and it will check it for you. Some companies will have a sandbox that you can run a program in to look for bad code, bad files, things like that, you know, all different sources of intelligence.
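The two kinds of indicator the lecture describes, the off-hours login pattern and a lookup of observed IP addresses and file hashes against a known-bad list, as an added example that is not part of the course material. The log lines, IP addresses and hash values are constructed placeholders; the 9:00 to 17:00 window is the one given in the lecture.

```python
import re
from datetime import datetime, time

# Constructed auth log lines (not from any real system):
# "<ISO timestamp> LOGIN user=<name> src=<ip>"
SAMPLE_LOG = """\
2024-03-04T09:12:03 LOGIN user=alice src=10.0.0.5
2024-03-04T16:45:10 LOGIN user=alice src=10.0.0.5
2024-03-04T23:07:41 LOGIN user=alice src=203.0.113.77
2024-03-05T02:15:00 LOGIN user=bob src=10.0.0.9
"""

# Constructed IOC list standing in for a threat-intelligence feed.
# 203.0.113.0/24 is a documentation range; the hash is a placeholder.
KNOWN_BAD_IPS = {"203.0.113.77"}
KNOWN_BAD_HASHES = {"0123456789abcdef" * 2}

LINE_RE = re.compile(r"^(\S+) LOGIN user=(\S+) src=(\S+)$")


def parse_log(text):
    """Turn raw log lines into dicts; lines that don't match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": m.group(1), "user": m.group(2), "src": m.group(3)})
    return events


def off_hours_logins(events, start=time(9, 0), end=time(17, 0)):
    """Return (user, timestamp) for logins outside the normal working window."""
    flagged = []
    for e in events:
        clock = datetime.fromisoformat(e["ts"]).time()
        if not (start <= clock <= end):
            flagged.append((e["user"], e["ts"]))
    return flagged


def match_iocs(events, file_hashes):
    """Compare observed source IPs and file hashes against the IOC list.
    file_hashes maps a file name to its hex digest; matching is case-insensitive."""
    hits = [("ip", e["src"], e["user"]) for e in events if e["src"] in KNOWN_BAD_IPS]
    for name, digest in file_hashes.items():
        if digest.lower() in KNOWN_BAD_HASHES:
            hits.append(("hash", digest, name))
    return hits
```

Run over the sample data, the off-hours check flags alice's 23:07 login and bob's 02:15 login, and the IOC match flags the 203.0.113.77 source address, which is how a blacklisted IP found in a database shows up in your own logs.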