CySA+ study area.

Adventures in Cybersecurity: Chapter 1.

Open source intelligence, indicator management, STIX, TAXII, and threat intelligence basics without pretending acronyms are personality traits.

Notes beat mystery

Notes

Study material that needed a place to live.

Present me looking out for future me. Future me loses handwritten notes.

Why this exists

Putting notes on a page solves two problems. Future me will misplace handwritten notes, and present me needs something legible when studying. Thank me later.

Core definitions

  • SOC: Security Operations Center.
  • CTI: Cyber Threat Intelligence.
  • IoC: indicator of compromise, an observable artifact (file hash, IP address, domain, URL, registry key, mutex name) tied to malicious or suspicious activity.
  • TTP: tactics, techniques, and procedures.
  • C2: command and control.
  • ATT&CK: adversarial tactics, techniques, and common knowledge.

OSINT

Open source intelligence is intelligence derived from information that is publicly available to anyone. Sources include online media, blogs, unclassified government data, academic publications, industry data, and gray literature (reports, white papers, and conference material that is published but not indexed like a journal).

Closed source information

Closed source intelligence usually requires a fee or subscription. What you pay for is timeliness, relevance, accuracy, and a stated confidence level on each piece of intelligence. Analysts rely on that data to make decisions, so bad data wastes time and can mislead the defense.

STIX and TAXII

STIX (Structured Threat Information Expression) is a structured language, JSON in STIX 2.x, for describing cyber threat information: indicators, malware, threat actors, campaigns, and the relationships between them. TAXII (Trusted Automated Exchange of Intelligence Information) is an application-layer protocol for exchanging that CTI over HTTPS, where a server exposes collections that clients poll or push objects to. The useful part is not the acronym. The useful part is moving threat data between people and systems before the incident gets comfortable.
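The producer and consumer halves of that exchange, as an added example rather than anything from the original notes: a hand-rolled STIX 2.1 bundle (no stix2 library) with two indicators, a malware object and the relationships that tie them together, followed by the consumer-side "indicator management" step of turning only the still-valid, non-revoked indicators into a de-duplicated blocklist. The domain, address, hash and malware name are constructed sample values, not real IoCs, and the pattern parser only handles equality comparisons, which is a deliberate simplification of the STIX pattern grammar.

```python
"""STIX 2.1 producer and consumer in plain Python (assumed example, no stix2 lib)."""
import json
import re
import uuid
from datetime import datetime, timedelta, timezone

SPEC_VERSION = "2.1"
# Constructed sample data for the example; these are NOT real indicators.
SAMPLE_DOMAIN = "updates.example.invalid"
SAMPLE_IP = "203.0.113.7"
SAMPLE_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
CREATED = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed so output is reproducible


def iso(ts):
    """STIX timestamp: UTC, RFC 3339, millisecond precision, trailing Z."""
    return ts.strftime("%Y-%m-%dT%H:%M:%S.") + f"{ts.microsecond // 1000:03d}Z"


def parse_iso(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def stix_id(obj_type):
    """STIX identifiers are '<type>--<UUID>'."""
    return f"{obj_type}--{uuid.uuid4()}"


def indicator(pattern, name, created, valid_days):
    return {
        "type": "indicator", "spec_version": SPEC_VERSION, "id": stix_id("indicator"),
        "created": iso(created), "modified": iso(created), "name": name,
        "indicator_types": ["malicious-activity"],
        "pattern": pattern, "pattern_type": "stix",
        "valid_from": iso(created),
        "valid_until": iso(created + timedelta(days=valid_days)),
    }


def malware(name, created):
    return {"type": "malware", "spec_version": SPEC_VERSION, "id": stix_id("malware"),
            "created": iso(created), "modified": iso(created), "name": name,
            "is_family": True, "malware_types": ["remote-access-trojan"]}


def relationship(src, dst, rel_type, created):
    return {"type": "relationship", "spec_version": SPEC_VERSION,
            "id": stix_id("relationship"), "created": iso(created),
            "modified": iso(created), "relationship_type": rel_type,
            "source_ref": src["id"], "target_ref": dst["id"]}


def bundle(*objects):
    return {"type": "bundle", "id": stix_id("bundle"), "objects": list(objects)}


# One "object-path = 'literal'" comparison inside a STIX pattern.
# Simplification: equality only; the real grammar also has LIKE/MATCHES/IN,
# AND/OR/FOLLOWEDBY and qualifiers such as WITHIN and REPEATS.
COMPARISON = re.compile(r"([a-z0-9-]+:[A-Za-z0-9_.'-]+)\s*=\s*'((?:[^'\\]|\\.)*)'")


def atomic_iocs(ind):
    """Return [(object_path, value)] for every equality comparison in the pattern."""
    return [(path, val.replace("\\'", "'")) for path, val in COMPARISON.findall(ind["pattern"])]


def is_active(ind, at):
    """Usable only inside the validity window and if the producer has not revoked it."""
    if ind.get("revoked"):
        return False
    if at < parse_iso(ind["valid_from"]):
        return False
    until = ind.get("valid_until")
    return until is None or at < parse_iso(until)


def blocklist(bndl, at):
    """Collapse the bundle's active indicators into a de-duplicated set of (path, value)."""
    out = set()
    for obj in bndl["objects"]:
        if obj["type"] == "indicator" and is_active(obj, at):
            out.update(atomic_iocs(obj))
    return out


def build_sample_bundle(created):
    c2 = indicator(f"[domain-name:value = '{SAMPLE_DOMAIN}'] OR [ipv4-addr:value = '{SAMPLE_IP}']",
                   "C2 infrastructure", created, valid_days=30)
    dropper = indicator(f"[file:hashes.'SHA-256' = '{SAMPLE_SHA256}']",
                        "Dropper hash", created, valid_days=1)  # short-lived on purpose
    fam = malware("ExampleRAT", created)
    return bundle(c2, dropper, fam,
                  relationship(c2, fam, "indicates", created),
                  relationship(dropper, fam, "indicates", created))


if __name__ == "__main__":
    b = build_sample_bundle(CREATED)
    print(json.dumps(b, indent=2))  # this JSON is what a TAXII collection would serve
    print(sorted(blocklist(b, CREATED + timedelta(days=2))))  # hash has expired by now
```

Two things worth noticing. First, `valid_until` is what keeps a blocklist from growing forever: the file hash drops out after a day while the C2 infrastructure stays for a month, and a consumer that ignores the validity window (or the `revoked` flag) is exactly how stale IoCs end up blocking legitimate traffic. Second, the bundle is plain JSON; a TAXII 2.1 server simply returns objects like these from a collection endpoint with the `application/taxii+json;version=2.1` media type, so the consumer logic above is the same whether the bundle arrived over TAXII, by email, or from a local file.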

Chapters

Keep moving.

The chapters are connected. So are most problems once you pull enough thread.