Next Meeting Thursday, February 21, 2019 from 5:30 PM to 8:00 PM (Eastern)
| First Presentation: Threat Intel, Something For Everyone | Second Presentation: Six Degrees to Domain Admin Revisited, BloodhoundAD for Offense and Defense |
Presentation Details
|
First Presentation: Threat Intel, Something For Everyone Speaker: Christian Nicholson Abstract: : This talk will discuss some of the basic principles of threat intelligence, and touch on how you can get started with a threat intel program of your own. We will then dive into the main focus of this talk, operationalizing the data via automation and a centralized platform of your choosing. This talk will make use of some free and commercial tools, and offer up some alternative options in the commercial and open source space that allow you to achieve the same goal. We will talk about the pros and cons of a few architecture variations, and most importantly how to use this solution to maximize your return on investment into the threat intel program, and minimize the amount of analyst hours needed to gather data to reach an incident close. Half this talk will be spent on the big “So Whats”, what does it cost, and what does it get me, alongside the basic input and outputs for a typical organization. We will also touch on who is the right consumer of this information, and to what degree, before diving in to a scenario in which the intelligence is leveraged, and show the difference between having and not having it. Bio: christian@indelible.global via email https://indelible.global (company website) @GuardianCosmos on Twitter www.linkedin.com/in/christian-nicholson (LinkedIn) |
|
Second Presentation: Six Degrees to Domain Admin Revisited, BloodhoundAD for Offense and Defense Speaker: Christian Nicholson Abstract: This talk is an expansion on the original talk given at BSidesLV 2016, We touch on the original topic of six degrees to domain admin, and then take it a step further. Many focus on the offensive uses for BloodhoundAD, but what about the defensive uses? This talk aims to answer that question, and provide a brief list of usecases that are suitable for both red teamers and pentesters, as well as blue team forensicators and incident responders. We also talk about the ups and downs of the current tools iteration, how we can overcome them, and how we can build the tool into our processes to leverage the data for automation. Bio: christian@indelible.global via email https://indelible.global (company website) @GuardianCosmos on Twitter www.linkedin.com/in/christian-nicholson (LinkedIn) |
Dinner Sponsorship: CI-ISSA
Evening Agenda:
5:30 – 6:00 pm > Networking and Food
6:00 – 6:15 pm > Central Indiana ISSA Introduction and Chapter Business
6:15 – 8:00 pm > Meeting Speaker(s)
8:00 pm > Optional Social Hour
*** Please note that the location for our chapter meetings is Ice Miller LLP, which is located in the OneAmerica Tower in Downtown Indianapolis. Enter the building and take an elevator to the 29th floor. Someone will then direct you to the CI-ISSA meeting.
***
PLEASE ARRIVE BEFORE 6:00 pm. If you arrive after 6:00 pm, the elevators are locked to the 29th floor so please see a Building Security person and ask them for help to access that floor.
Chapter Meetings – Changes in building security protocols
The building location for our monthly meetings will remain at One America Square however a new security system installed by the elevators will now require meeting attendees to check in to the security desk for access to the elevators and Ice Miller. While not required, we highly recommend that you register for the meetings to ensure your name is on the attendee list to reduce any delays in your arrival.
***