We see “threat feeds” discussed online quite often, but what are these really and how do we employ them? When these “threat feeds” are lists of IP addresses, domains, and file hashes, how do we then make use of these within our own infrastructure or organization?
It turns out that if you’re a security analyst as part of an internal staff, or a DFIR consultant, whether you know it or not, you already have access to an incredibly significant source of intelligence. In this presentation, we will discuss and demonstrate ways to make use of what you have available to you right now to develop a strong foundation of threat intelligence.