If you're planning to attend the 2023 AISA Cyber Conference in Canberra, Australia next week, swing by booth 41 to meet with our own Nick Borsky, Damien Murphy, and Laetitia Chiragarhula. They'll be on hand to show how expanded network visibility helps security teams improve threat detection and accelerate #incidentresponse.

Network with likeminded #cybersecurity professionals, get swag, and learn how to take your #cyberdefense strategy to the next level with Corelight's #networksecurity solutions. Here's a sneak peek at how Corelight can elevate your #cybersecuritystrategy: https://corelight.com/products/open-ndr/

Learn more about the event hosted by Australian Information Security Association (AISA) ➡️ https://cyberconference.com.au/

#CyberCon2023 #DFIR #ThreatHunting

Seems like my hibernation is coming to an end very soon ..... you can catch me at ...

🍸 the Australian Information Security Association (AISA) #Cybercon2023 March 21-22 in Canberra ... I'll be on stage 4 times so I'm pretty sure you won't miss me 🤣

🍸 @0xCC I'll be delivering training in May 5 and 6 in Melbourne.

🍸 @blackhatevents #BHAsia2023 I'll be in attendance swanning around the talks.

🍸 Have you got your tickets to BSides Brisbane yet in July and @bsidescbr in September? I have!

Are you tired yet reading this?

I'm also going to try and make BHUS and Defcon in August .... someone want to fly me over?????

I thought I'd share a little bit more about the talk I'm giving at #cybercon2023 ...

<<Threat intelligence without boiling the ocean>>

Whilst no one will ever tell you that threat intelligence is easy, setting out on the path to use it in smart ways doesn't need to be overwhelming. Today, the amount of open source intelligence feeds, documents, blog posts and information shared in the community can easily leave operational or Intel analysts feeling unsure where to start.

#DocIntel is an open source project that was created to help streamline this process by providing a platform to collect, store, process, and organise information from various threat intelligence sources.

Using DocIntel we can take input from threat intel reports both public and private, RSS feeds, and blog posts. In this talk we'll cover how DocIntel is helping to reduce the effort required to transform this data into information that can be utilised to protect and respond. The audience will learn how to set this up in DocIntel and we'll walk through the workflow from adding a source to reviewing and registering a document.

After we have distilled our information in DocIntel, we will walk through how to connect DocIntel to a #MISP instance to easily share and disseminate the indicators across various technology platforms and sharing groups.

The talk will explain the high level concepts as well as demonstrate how this works in practice to give the audience a guide on how best to start with collecting and dealing with open source threat intelligence.