LibGuides: CYB455: Module 4

Module 4 Required Resources

Practical Threat Intelligence and Data-Driven Threat Hunting by Valentina Costa-Gazcón
ISBN: 9781838556372

Publication Date: 2021-02-12

alacin, V. (2020). Practical Threat Intelligence and Data-Driven Threat Hunting. Packt Publishing.
Chapter 8 of the course textbook: Query data

This chapter shows how to perform Atomic tests (emulations) and hunt for suspicious activities in a Windows environment using the ELK stack. Even though we did not focus on the ELK SIEM in this course, you should be able to follow this chapter to understand how security analysts query for the trails created by threat actors for various stages of the attack life cycle from the initial access to the impact.

Chapter 9 of the course textbook: Hunting for the adversary

This chapter will further strengthen your ability to hunting for adversaries and specifically shows how to hunt for APT29 using MITRE ATT&CK emulation. You will also learn about using the MITRE CALDERA project and Sigma rules.

APT29 operational flow
This article describes two scenarios of APT29 broken down into 10 steps each and each step is annotated with corresponding MITRE ATT&CK techniques, cited intelligence and additional metadata.
The Implications Of ChatGPT On Cybercrime
Much has been said about ChatGPT, the new AI-based chatbot capable of mimicking human-like conversations and drafting all sorts of narratives. ChatGPT opens up a whole new world of possibilities across industries and businesses. Yet the excitement over ChatGPT comes with a number of caveats that concerns cybersecurity. This article explores a few of the implications ChatGPT presents to cybersecurity efforts.
How AI Voice Cloning Tools and ChatGPT are Being Used to Aid Cybercrime and Extortion Scams
How AI voice cloning tools and ChatGPT are being used to aid cybercrime and extortion scams.
Learn 10 ways to use ChatGPT for threat hunting.
The AI takeover has begun. Let’s take back control and learn ten ways to use ChatGPT to aid your threat hunting.
Using ChatGPT to augment existing cyber security workflows
On November 30, 2022, ChatGPT quaked the digital world, sending a tremor that even rattled the cybersecurity industry. Instead of responding in panic, a more sensible approach is to begin learning how to leverage the technology to streamline your workflow and optimize your skills.

Sigma Rules
Sigma rules provide an open signature format to describe log events. They are the YARA rules for log files. This repository offers more than 3000 rules that any threat analyst may use.

Sigma Rules Tutorial: https://socprime.com/blog/sigma-rules-the-beginners-guide/
Evaluation of security vendors using the MITRE ATT&CK framework
MITRE ATT&CK framework serves as an industry standard to compare the capabilities for popular security vendors in the market. This article by ELK shows the round two evaluation performed in 2020.