Beer, Bacon and Blue Teaming, presented at BSides Wellington 2017

by Chris Campbell

Summary: A famous man once said that he didn’t need to attend intel briefings because “I’m, like, a smart person”. Little did he know that those meetings would have provided him the essential knowledge of FedEx malspam that could have saved him from having his 7-year-old, unpatched laptop owned along with the compromising tax records that were on it.
Intelligence matters in many ways, depending on how you define it. It can offer insight into the threat landscape, improve our ability to hunt and mitigate threats, and stop us from being cluelessly self-destructive. At its heart it is the collective work of an entire industry. Best of all, it can be free. When things are free, more of our security budget becomes free to spend on important things like beer and bacon.
This talk will step through a variety of sources of intelligence and look at how they can be consumed to better your security posture, provide an introduction to automating the deployment of honeypots, and demonstrate the use of freely available tools and techniques to hunt, dissect and respond to threats that ~~next generation~~ overpriced appliances may not.