Daily Blog #605: CTI Summit 2019

CTI Summit 2019 Summary by David Cowen - Hacking Exposed Computer Forensics Blog

Hello Reader,
Between calls and work I got to watch some of the CTI Summit this week in DC prior to my class that starts tomorrow. I will admit that I look at CTI mainly from the outside, trying to understand how it really works and what is real vs. marketing. Prior to the CTI Summit I had read Scott Roberts and Rebekah Brown's book Intelligence Driven Incident Response:
https://www.amazon.com/Intelligence-Driven-Incident-Response-Outwitting-Adversary/dp/1491934948 and I've talked to the CTI instructors about what they do in FOR578.

All of that, though, was just a foundation to understand the edges of the world of threat intelligence. Here were the words I heard repeated today:

  • Bias 
  • Cognitive Bias
  • ATT&CK
  • Pyramid of Pain
  • Peer Review
  • Threat actor
Each time I heard these major terms it came with a different perspective, one that would turn how the idea of 'product' for the 'consumer' was to be judged. 

As someone who focuses on the solid remnants of an incident the idea of this large grey area was outside of my comfort zone. I'm very comfortable when I can test and recreate an action to determine a prior action, but the idea of assembling possibilities and 'dossiers' based on events, actors and threats makes me very glad that there are other people who have found their passion in this.

So I salute you CTI professionals, I think we are both glad to be looking at each other over the fence between us in the widening world that is DFIR. 


  1. I see the makings of either a drinking game or buzzword bingo

    1. If you drank every time you heard the word Bias you might not make it to the end of the game