We had two commercial APT subscriptions, 10 information exchanges, about a dozen free feeds and a big list of TOR exit nodes. We also used a couple of powerful reversers, master Powershell scripts, a Loki scanner and a paid VirusTotal subscription. Not that a security incident response center won’t work without all of these, but if you are up to catching complex attacks you have to go the whole hog. What we were particularly concerned with was the potential automation of checking for indicators of compromise (IOCs). There’s nothing as immoral as artificial intelligence replacing a human in an activity…
[Continue Reading]