Effective Intelligence Writing

I recently read the Analyst’s Style Manual by the Mercyhurst College Institute for Intelligence Studies. The document offers several recommendations on how to write intelligence reports effectively. This is a vital skill: it ensures that the consumer of threat intelligence can quickly pick out the most important information and act on it in an informed way. The document had these […]

The ZeuS Malware

This malware was active for nearly a decade. It stole some $3 million and was run by roughly 50 individuals. The malware was actually a kit of tools that could be used for a number of functions. For instance, in 2013 and 2014 the tool was used to encrypt victims’ computers for ransom […]

YARA Incident Response

YARA is an open source tool for identifying malicious files and processes by matching rules against text strings, byte patterns, and external variables. In incident response, YARA rules capture indicators specific to an intrusion. Those indicators can be acted on and fed into an intelligence plan using a format like STIX. Here is the format for creating a YARA rule: The meta data […]
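The rule format the excerpt starts to describe (a meta section, a strings section, and a condition) is easiest to see when a rule is built from the indicators an intrusion actually produced. The following is an added example, not code from the original post: a small Python script that turns constructed indicators into a syntactically valid YARA rule, handling the escaping YARA requires for text strings and rendering byte patterns as hex strings with wildcards. The case ID, mutex name, beacon path and byte pattern are invented for illustration.

```python
"""Build a YARA rule from intrusion-specific indicators.

Added example, not from the original post. Every indicator below is
constructed for illustration and does not describe a real sample.
"""
import re

# YARA identifiers (rule names and $string names): letters, digits and
# underscores, not starting with a digit, at most 128 characters.
_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,127}$")


def yara_text_string(s: str) -> str:
    """Quote a Python string for YARA's strings/meta sections.

    YARA text strings accept only \\" \\\\ \\t \\n \\r and \\xNN escapes, so
    backslashes and quotes are escaped and any other non-printable or
    non-ASCII character is emitted as its UTF-8 bytes in \\xNN form.
    """
    out = []
    for ch in s:
        if ch == "\\":
            out.append("\\\\")
        elif ch == '"':
            out.append('\\"')
        elif 0x20 <= ord(ch) < 0x7F:
            out.append(ch)
        else:
            out.extend("\\x%02x" % b for b in ch.encode("utf-8"))
    return '"' + "".join(out) + '"'


def yara_hex_string(data: bytes, wildcard_at=()) -> str:
    """Render bytes as a YARA hex string, '??' at the wildcarded offsets."""
    parts = ["??" if i in wildcard_at else "%02X" % b for i, b in enumerate(data)]
    return "{ " + " ".join(parts) + " }"


def build_rule(name, case_id, author, created, text_iocs, hex_iocs, min_matches=2):
    """Assemble a rule with meta, strings and condition sections.

    text_iocs: {identifier: (text, modifiers)}; hex_iocs: {identifier: (bytes, wildcard offsets)}.
    The condition requires a PE file ("MZ" at offset 0) under 2 MB and at
    least `min_matches` of the indicators, so that one common string such
    as "cmd.exe /c" does not fire the rule on its own.
    """
    ids = list(text_iocs) + list(hex_iocs)
    for ident in [name] + ids:
        if not _IDENT.match(ident):
            raise ValueError("invalid YARA identifier: %r" % ident)
    if not 1 <= min_matches <= len(ids):
        raise ValueError("min_matches must be between 1 and the number of strings")

    lines = ["rule %s" % name, "{", "    meta:",
             "        author = %s" % yara_text_string(author),
             "        date = %s" % yara_text_string(created),
             "        description = %s" % yara_text_string("Indicators from " + case_id),
             "    strings:"]
    for ident, (text, mods) in text_iocs.items():
        lines.append(("        $%s = %s %s" % (ident, yara_text_string(text), mods)).rstrip())
    for ident, (data, wild) in hex_iocs.items():
        lines.append("        $%s = %s" % (ident, yara_hex_string(data, wild)))
    lines += ["    condition:",
              "        uint16(0) == 0x5A4D and filesize < 2MB and",
              "        %d of (%s)" % (min_matches, ", ".join("$" + i for i in ids)),
              "}"]
    return "\n".join(lines)


# Constructed indicators for a hypothetical case INC-0001.
SAMPLE_TEXT_IOCS = {
    "cmd":    ("cmd.exe /c", "ascii wide nocase"),   # command line seen in the dropper
    "mutex":  ("Global\\XYZ-Upd", "wide"),            # mutex the sample creates (invented)
    "beacon": ("/gate.php?id=", "ascii"),             # hard-coded C2 URL path (invented)
}
SAMPLE_HEX_IOCS = {
    # push imm32; call rel32 -- the pushed address is wildcarded (offsets 1-4).
    "stub": (b"\x68\x00\x00\x00\x00\xe8", (1, 2, 3, 4)),
}


def sample_rule() -> str:
    return build_rule("INC_0001_Dropper", "INC-0001 (hypothetical)", "IR team",
                      "2014-03-01", SAMPLE_TEXT_IOCS, SAMPLE_HEX_IOCS)


if __name__ == "__main__":
    print(sample_rule())
```

Write the printed rule to a file and scan a directory with `yara -s rules.yar /path/to/dir` (`-s` prints the matching strings) or a running process with `yara rules.yar <pid>`. The `2 of (...)` clause is the part worth tuning per intrusion: the stronger the indicators, the lower the threshold can go without false positives.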

Threat Intelligence – ACH analysis

ACH, or Analysis of Competing Hypotheses, is an analytical technique that may be useful to security analysts. The idea is to arrive at a reasonable hypothesis by scoring how well the evidence supports or contradicts each candidate. Rather than attempting to fit the evidence to a single hypothesis at a time, evaluating all of them against the evidence at once often helps remove […]
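A small ACH matrix makes the "all hypotheses at once" point concrete. The following is an added example, not from the original post: three constructed hypotheses for an intrusion and five constructed evidence items, each rated consistent (C), inconsistent (I) or neutral (N) against every hypothesis. Following Heuer's method, only inconsistency counts against a hypothesis, since a piece of evidence is often consistent with several hypotheses at once; the script also flags evidence that does not discriminate between hypotheses and evidence on which the leading hypothesis depends.

```python
"""Analysis of Competing Hypotheses over a constructed evidence matrix.

Added example, not from the original post. Hypotheses, evidence and
weights are invented for illustration.
"""

HYPOTHESES = ["H1", "H2", "H3"]
HYPOTHESIS_TEXT = {
    "H1": "commodity crimeware, financially motivated",
    "H2": "targeted espionage by an external group",
    "H3": "insider misuse of legitimate access",
}

# Each evidence item: (description, weight, {hypothesis: rating}).
# Weight combines the analyst's view of the evidence's credibility and
# relevance; rating is "C" consistent, "I" inconsistent, "N" neutral.
EVIDENCE = {
    "E1": ("Loader matches a widely sold crimeware kit", 2,
           {"H1": "C", "H2": "N", "H3": "I"}),
    "E2": ("Exfiltrated data is R&D documents, not payment data", 3,
           {"H1": "I", "H2": "C", "H3": "C"}),
    "E3": ("Initial access via phishing from outside the company", 2,
           {"H1": "C", "H2": "C", "H3": "I"}),
    "E4": ("Beacon activity falls during the victim's night hours", 1,
           {"H1": "C", "H2": "C", "H3": "C"}),
    "E5": ("Attacker pivoted to a host only the target team uses", 2,
           {"H1": "N", "H2": "C", "H3": "C"}),
}


def inconsistency_scores(evidence=EVIDENCE, hypotheses=HYPOTHESES):
    """Sum the weights of the evidence each hypothesis is inconsistent with."""
    scores = {h: 0 for h in hypotheses}
    for _desc, weight, ratings in evidence.values():
        for h in hypotheses:
            if ratings.get(h, "N") == "I":
                scores[h] += weight
    return scores


def rank_hypotheses(evidence=EVIDENCE, hypotheses=HYPOTHESES):
    """Most likely first: the hypothesis with the least weighted inconsistency."""
    scores = inconsistency_scores(evidence, hypotheses)
    return sorted(hypotheses, key=lambda h: (scores[h], h))


def non_diagnostic_evidence(evidence=EVIDENCE, hypotheses=HYPOTHESES):
    """Evidence rated identically against every hypothesis cannot separate them."""
    return [e for e, (_d, _w, r) in evidence.items()
            if len({r.get(h, "N") for h in hypotheses}) == 1]


def leaders(evidence, hypotheses):
    """The hypothesis (or tied hypotheses) with the lowest inconsistency score."""
    scores = inconsistency_scores(evidence, hypotheses)
    best = min(scores.values())
    return {h for h, s in scores.items() if s == best}


def sensitive_evidence(evidence=EVIDENCE, hypotheses=HYPOTHESES):
    """Evidence whose removal changes which hypothesis leads.

    If a single item decides the outcome, its credibility deserves another look
    before the conclusion is reported.
    """
    baseline = leaders(evidence, hypotheses)
    out = []
    for e in evidence:
        without = {k: v for k, v in evidence.items() if k != e}
        if leaders(without, hypotheses) != baseline:
            out.append(e)
    return out


def print_matrix(evidence=EVIDENCE, hypotheses=HYPOTHESES):
    print("%-4s %-3s %s" % ("", "wt", "  ".join(hypotheses)))
    for e, (desc, weight, ratings) in evidence.items():
        row = "   ".join(ratings.get(h, "N") for h in hypotheses)
        print("%-4s %-3d %s   %s" % (e, weight, row, desc))
    print("inconsistency:", inconsistency_scores(evidence, hypotheses))
    print("ranking:", rank_hypotheses(evidence, hypotheses))
    print("non-diagnostic:", non_diagnostic_evidence(evidence, hypotheses))
    print("conclusion hinges on:", sensitive_evidence(evidence, hypotheses))


if __name__ == "__main__":
    print_matrix()
```

On this constructed matrix H2 leads with no inconsistent evidence, E4 is non-diagnostic because it fits every hypothesis equally, and removing E2 alone leaves H1 and H2 tied: the espionage conclusion rests on the credibility of that one item, which is exactly what ACH is meant to surface.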

Cyber Intelligence and the Hawthorne Effect

What is the Hawthorne effect? The Hawthorne effect is the observation that individuals change their behavior when they know they are being observed. It is named after a series of studies at the Hawthorne Works in the late 1920s and early 1930s that examined the relationship between management and workers. How does it relate to cyber security? Cyber intelligence seeks […]

Red Team Analysis in Cybersecurity

In a paper published by the U.S. Government in 2009 about enhancing security analysis techniques, the “Red Team Analysis” method was addressed. What is red team analysis? Red team analysis is essentially putting the friendly analysts (the blue team) into the adversary’s shoes (the red team). Rather than analyzing the motivations, capabilities, and techniques of an individual […]

Locating Botnet CnC servers

Hello, I was reading a dissertation by Shaked Bar on the analysis of botnets and found the methods used to locate the CnC servers interesting. What is a botnet? A botnet is a network of compromised computers that are used for nefarious purposes (clicking advertisements for pay, executing denial of service attacks, mining bitcoins, and many […]

What makes a good intelligence analyst

The CIA published a document called “Bringing Intelligence About” which highlights the best practices of good analysts. While the document is very thorough and covers a lot of topics, I’m only going to focus on which abilities make somebody a good security analyst. The paper mentioned above includes this graphic: The section […]

Application of Military Intelligence for Cyber Security

Hello, Militaries have long been interested in “intelligence”: information which, when analyzed, informs commanders and is of great value in every sector of command. When thinking about cyber intelligence, it makes sense to look at military research on the use of intelligence. Like cyber threat intelligence’s often vast indicators of compromise and […]