Threat Intelligence: A Deep Dive

Digital Shadows Analyst Team
December 12, 2019 | 21 Min Read

Welcome to our deep dive on threat intelligence, intended to help security professionals who are creating and building a threat intelligence capability. Readers will understand how to make threat intelligence relevant, actionable, and effectively communicated to a myriad of stakeholders. The blog includes best practices of threat intelligence, as well as some free tools and resources along the way.

What is Threat Intelligence? An Overview

Threat intelligence has many competing interpretations and definitions, but Gartner’s threat intelligence definition is a good starting point:

Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.

Wrapped up within this definition are two salient themes that we will return to:

  1. Threat intelligence is focused on informing a decision-maker and improving their decisions. The threat intelligence function within a business can be a standalone function, particularly within more mature organizations or sectors with a lower risk tolerance, but more often it is performed by an individual within a security team. This function can serve multiple stakeholders within the business, including incident responders, threat hunters, and management.
  2. Threat intelligence focuses on the threat, not risk. “Threat” is just one component of “Risk”. Some frameworks, such as FAIR (Factor Analysis of Information Risk), help to bring this all together into a richer framework.

Establishing Measures of Effect: First Things First

Few threat intelligence pieces begin by discussing how you measure the effectiveness of a program; this is more commonly done either as an afterthought or by a handful of the most mature organizations. However, this is critical: having well-defined success criteria will ensure that there is a clear business case and, in the longer term, enable you to demonstrate a return on investment. That’s why we’ve included this at the very start.

We’re not doing threat intelligence for fun; we want to increase the bottom line. To do so, the TI program must be both measurable and tailored to business goals.

  1. Measurable. A great deal of recent work (see presentations from Microsoft and ThreatConnect) has been done on measuring the effectiveness of a threat intelligence program and providing examples to take away when building your own. This will reduce the focus on mere output, extend the business case, and enable you to demonstrate a Return on Investment. These include, but are not limited to:
    1. Number of incidents derived from threat intelligence
    2. Mean time to detect
    3. Mean time to recover
    4. Savings generated
    5. Cost savings
    6. Reduction of risk
      Understandably, threat intelligence that can inform some sort of action will be considerably easier to measure.
  2. Relevant. Unless the TI goals are mapped to business goals, it will be challenging to demonstrate true business value. Consider what you want to protect, whether that is customer data, intellectual property or the brand. More on that in our threat modeling section to follow.

With the goals clear and aligned to the business, here’s how you ensure your threat intelligence is as effective as possible.

Intelligence vs Information vs Data

One of the biggest barriers to ensuring Threat Intelligence is relevant is confusion between data, information and intelligence. Indeed, as Threat Intelligence has become more commoditized, the differences between data, information and intelligence have become blurred. Let’s start first by clarifying the differences.

Data – Recorded facts from a snapshot at a point in time. With data, there is little or no subjectivity involved. Data is binary: it is either true or false. For example, ‘it was wet in London at 10:27 last Wednesday.’

Information – Structured data that has been combined by the process of Collection. For example, ‘it rained in London last Wednesday, and has on each of the last 20 Wednesdays.’

Intelligence – Critically, intelligence is about future events, whereas Data and Information are purely historical in nature. The sole objective of intelligence is to help a decision maker make a better decision about an issue than a coin toss would. For example, ‘There is no reason other than coincidence that it has rained in London on every Wednesday for the last 20, but based on historical data, there is a 70% chance it will rain on the next Wednesday.’

The relationship between Data, Information, and Intelligence

This diagram is a good way to understand the relationship between these three terms, showing:

  • Data is converted to information via the process of Collection, and Information into Intelligence by Analysis. Within this conceptualization Data, Information and Intelligence are commodities and Collection and Analysis are processes.
  • The pyramid that underlies the above image is intended to represent the volume of each commodity: a lot of data is reduced to a smaller set of information and an even smaller set of intelligence products.
  • The hierarchical nature of Data, Information and Intelligence and how one must flow into another. This is what separates a ‘guess’ from an intelligence product: an intelligence assessment is supported by information and data, whereas a guess is not.

4 Types of Threat Intelligence

While many claim they do threat intelligence, this can mean a whole number of things. There are four types of threat intelligence and, while they have some areas of overlap, they help us to understand the different functions of threat intelligence.

  1. Strategic Threat Intelligence – High-level analysis and information on trends over time that can be used to inform decision-making, especially relevant for Board and C-Level stakeholders.
  2. Operational Threat Intelligence – Gaining insights from ongoing and incoming attacks, including intelligence of actors and campaign details.
  3. Tactical Threat Intelligence – Intelligence on the tactics, techniques, and procedures (TTPs) of threat actors.
  4. Technical Threat Intelligence – Heavily based on Indicators of Compromise (IOCs). Technical threat intelligence tends to be utilized in malware research and detection to catalog malware families by their characteristics such as textual or binary patterns.

To add further complexity, on top of all of this, these types of threat intelligence may be produced internally, gained from sharing communities (such as FS-ISAC, HS-ISAC), or derived from an external provider (both paid and free).

Avoiding the Firehose

While threat intelligence continues to gain in adoption (the SANS Institute reports an increase from 60% to 72% of respondents producing or consuming threat intelligence), it often has several limitations:

  1. Too much noise and too many false positives. As we so often fail to differentiate between data, information, and intelligence, much of the “threat intelligence” we see only succeeds in overwhelming already short-staffed teams. All too often, teams are faced with a firehose of noisy indicators of compromise (IOCs).
  2. Lack of relevance to the organization itself. Threat Intelligence concerns information about attacks against other businesses and seldom has relevance to the organization in question.
  3. Not enough operationalization. A lot of Threat Intelligence provides insight, but no clear actions. Threat Intelligence ought to both improve decisions and inform an action.

In this blog, we’ll dig into some of the best practices for getting threat intelligence right and avoiding these pitfalls.

Intelligence Processes

If you are going to start doing threat intelligence, a good process is needed. It can be the difference between getting value from your intelligence function or not. A good place to start is the intelligence cycle.

The Intelligence Cycle Explained

Earlier, we mentioned that there are a host of pitfalls associated with threat intelligence, such as false positives, a lack of relevance, and an inability to remediate issues. These most commonly occur when threat intelligence programs lack direction and structure from the outset, with analysts conducting analysis for the sake of analysis. That’s why the intelligence cycle remains so popular today: it helps to define stages and structure the program.

The intelligence cycle consists of five stages – direction, collection, analysis, dissemination, and review.

1. Direction

Of all the stages in the intelligence cycle, it’s tempting to focus on collection and analysis, and to ignore the direction and planning stage. However, having the right approach can save you time and make threat intelligence more meaningful.

Before any data is collected, bought, analyzed, or shared, organizations should first understand what they are trying to protect – what are their critical assets? Of course, this is easier said than done, especially as notions of “criticality” differ between attackers and an organization (like social media accounts). Also, a critical asset may be tangible or intangible in nature: a tangible critical asset could be an organization’s connection to the SWIFT banking network, whereas an intangible asset could be customer confidence in the brand.

What is and what is not a critical asset varies depending on the industry and the organization, so it’s important to understand what is inherently valued in your industry. Some common critical assets overlap, regardless of industry, such as payment card details, logins, databases with customer information, payment systems, trading platforms, exchanges, Enterprise Resource Planning (ERP), and proprietary technology.

Board level decision making is not typically driven by tactical intelligence such as IOCs, but instead by operational or strategic concerns. Therefore, on top of understanding what an organization ought to be protecting, it’s important to get the requirements of key stakeholders and consider how the intelligence program will satisfy these.

2. Collection

Once you know what assets you want to protect, you can start to think about where you will look for information on threats to those assets. Another cycle, the collection cycle, exists to collect timely and relevant information for analysts to develop into intelligence.  Our intelligence experts like to form a collection cycle that includes developing observables, collecting information, assessing that information, and feeding this assessment back to the collection cycle for future improvement. Some common things to keep in mind when developing a collection cycle include coverage, languages, tools, and the direction.

Organizations will turn to a range of sources depending on the initial requirements. This often includes technical sources (many of which are available free here: https://github.com/hslatman/awesome-threat-intelligence), social media, criminal forums, dark web pages, code repositories, and more. You can get an idea of the type of sources you might expect to cover in our Data Sources document.

It’s worth noting that the advantages and disadvantages of focusing on dark web sources are out of scope for this piece, but you can read more in another blog we wrote called “Dark Web Monitoring: The Good, The Bad, and The Ugly”. TLDR: the dark web is over-hyped, but does have some value depending on your goals.

3. Analysis Frameworks

We spoke earlier about how “intelligence” is derived from just “information” by the process of analysis. Indeed, with information collected, it’s next necessary to place these findings into some sort of analytical framework, of which there are many. It is important that threat intelligence teams understand and utilize these frameworks in the production of intelligence products. These frameworks are utilized across the cyber security sector and allow intelligence teams to communicate findings in ways that the sector understands.

One of the most prominent frameworks is the Cyber Kill Chain developed by Lockheed Martin. The Cyber Kill Chain identifies seven tangible steps to carrying out an attack from the perspective of an attacker:

  1. Reconnaissance
  2. Weaponization
  3. Delivery
  4. Exploitation
  5. Installation
  6. Command & control (C2)
  7. Actions on objectives

These steps provide valuable insight into cyberattacks and enhance analysts’ understanding of threat actor TTPs.

The Lockheed Martin Cyber Kill Chain serves as the basis for the Diamond Model and MITRE ATT&CK, which both build on the model proposed by the kill chain. The Diamond Model uses its four corners to represent adversaries, infrastructure, victim, and capabilities, and maps the Cyber Kill Chain onto the diamond at each step, depicting whether the step is technical or socio-politically motivated. The intention of the Diamond Model is to deal with multiple attacker kill chains simultaneously by identifying similarities between different kill chains’ adversaries, infrastructures, victims, and capabilities.

MITRE ATT&CK takes the Cyber Kill Chain framework and expands on it by incorporating initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, command and control (C2), exfiltration, and impact. We’ve mapped a host of campaigns to MITRE ATT&CK, which you can read. Below, we’ve outlined one mapping we did on the tactics used by the GRU in the build up to the 2016 US Presidential Election.

Mitre ATT&CK and the Mueller GRU Indictment: Lessons for Organizations from Digital Shadows

Avoiding Cognitive Biases

One of the biggest hurdles to good analysis is cognitive biases, defined as “a mistake in reasoning, evaluating, remembering, or other cognitive process, often occurring as a result of holding onto one’s preferences and beliefs regardless of contrary information.”

There are a large number of different types (188 to be precise) of cognitive bias. These have been expertly combined in the following image (full credit goes to https://www.visualcapitalist.com/18-cognitive-bias-examples-mental-mistakes/).

Structured Analytical Techniques

There are numerous techniques that intelligence analysts employ to overcome cognitive biases, known as Structured Analytical Techniques (SATs). The father of intelligence analysis is widely regarded to be Richards Heuer, who published many techniques in his 1999 paper, Psychology of Intelligence Analysis (a must-read for anyone interested in employing SATs).

TI pros often immediately look for the sophisticated SATs. However, in truth, there’s plenty that can be done with simpler methods. For example, Devil’s advocate and a SWOT analysis (techniques within the reach of all of us) can help to sharpen our analysis.  We’ve outlined several tips in a recent blog on this very topic, A Threat Intelligence Analyst’s Guide to Today’s Sources of Bias.

However, for analysts with more time, there are techniques like Analysis of Competing Hypotheses (ACH), a methodology developed by Richards Heuer himself, and the Cone of Plausibility (most suitable for forecasting). We won’t go into detail on these here, but you can read more about ACH and the Cone of Plausibility in our previous blogs:

  1. An Analysis of Competing Hypotheses for the Tesco Bank Incident
  2. Wannacry: An Analysis of Competing Hypotheses
  3. Wannacry: An Analysis of Competing Hypotheses Part II
  4. You Should Consider Forecasts, Not Predictions

4. Dissemination

In the introduction, we outlined how threat intelligence is there to better inform a decision or decision-maker. You can produce the most amazing piece of analysis, but if it’s not communicated in a way that is meaningful to your stakeholders, it’s wasted effort.

When discussing findings and dissemination options, it is crucial to communicate in a common language to your target audience. As Threat Intelligence may be tactical, operational, technical, or strategic, products can be very different.  While a technical audience may be more interested in Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs), an executive audience may be more interested to understand the business risk, assets, liabilities, profit, and loss. This aspect seems common sense, but too often a lack of understanding between analysts and decision makers has security repercussions. To promote more efficient and effective threat intelligence, it is vital to speak in the language of risk to decision makers.

Rick Holland, CISO of Digital Shadows, provided six tips for effective communication with stakeholders:

  1. Use their terminology; not yours. Those of us from both the intelligence and cybersecurity communities have a tendency to use our own abbreviations and terminology. Unless your intelligence consumer comes from your community, they won’t understand what you are trying to communicate. Use their own lexicon and analogies to help communicate your message.
  2. Focus on what they care about. If you are creating products for a technical audience, Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) are fine. They aren’t acceptable for executive level products. Business risk, assets, liabilities, profit and loss are terms executives are interested in. This has been said for many years; yet the problem persists.
  3. Create a personal story that resonates with your consumer. With as expansive as Trump’s business interests are and how pervasive intrusions are, it is highly likely that one of his companies has suffered a breach.
  4. Build briefing dossiers on your intelligence consumers. You build dossiers on your adversaries, why not build them for your intelligence consumers? What are their trigger words? What are they passionate about? Understanding and documenting what to say and what not to say is key for effective communication with a challenging consumer. Capturing this information is key; you need to learn from your successes and failures. Given the rate of turnover within organizations, capturing this knowledge is important for continuity of production.
  5. You may have to alter your existing practices. Just because you have historically done something doesn’t mean the approach can automatically be applied to a new intelligence consumer. When it comes to intelligence products, one size does not fit all. You will have to tailor your intelligence product’s format and timetable to the audience.
  6. Engage with them outside of official work channels. Look for ways to interact with your intelligence consumers outside of official forums and meetings. Would they be willing to mentor you? Could you take them out for lunch or coffee?  This should resonate with people from our space; come up with a benign social engineering strategy to establish trust that will be the foundation of an ongoing relationship.

5. Review

Obviously, the intelligence cycle is a cycle, so this is perhaps the most important stage. At the review stage, one analyzes the direction and goal of the intelligence and ascertains if those goals were met for further threat intelligence research.

Operationalizing Threat Intelligence

As we’ve outlined, it’s important to communicate effectively with stakeholders that have helped to shape the initial requirements of the intelligence program. However, it’s also important to ensure threat intelligence is actionable. After all, intelligence isn’t really intelligence if it doesn’t end in some type of action.

F3EAD

F3EAD (Find, Fix, Finish, Exploit, Analyze, and Disseminate) is an alternative, more tactical cycle than the contemporary intelligence cycle we have been through. F3EAD is commonly deployed by Western militaries for operations, but is extremely applicable to a cyber security context. At Digital Shadows we believe these two cycles can be utilized together to better produce quality intelligence that satisfies both tactical and strategic requirements.

How does this work in practice? Let’s take a scenario, whereby a threat intelligence team have identified that their intellectual property is a significant target for APT Groups.

Phase | Action
Direction | Board level identification of APT groups as the core cyber security threat to the business
Collection | The company’s threat intelligence team collects data gathered from internal response cases and fuses it with data provided by the external threat intelligence provider.
Analysis | A full fusion and analysis of collected data over a strategic period of time (6 months to 1 year)
Dissemination | Results communicated back to the board and the wider threat intelligence community around the specific APT threat that has targeted the company

Scenario Mapped to the Intelligence Cycle

Phase | Action
Find | Suspect activity identified on a number of hosts
Fix | Multiple common indicators of suspicious activity identify a cluster of infected hosts
Finish | Hosts are taken offline and employees are given new machines
Exploit | Based on analysis of malware found within the infected hosts, a number of specific Indicators of Compromise (IOCs) are identified by the team
Analyze | Fusing the IOCs found ‘in house’ with the IOCs provided by the third-party intelligence provider feeds into the wider picture of the APT threat and leads to further identification of anomalous behavior on the company’s network
Disseminate | The results of the analysis are disseminated to both tactical consumers (SOC etc.) and the strategic sponsors of the project, i.e. the members of the ‘C-suite’ with an interest in the issue

Scenario mapped to F3EAD
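
The Analyze step of the F3EAD scenario, sketched as an added example (not Digital Shadows' code): in-house IOCs are normalized and fused with a provider feed, and the provider-only indicators become hunt leads that are run against proxy logs. All indicators, host names, source labels and log lines are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample data: (source, raw indicator, host it was found on).
INTERNAL = [
    ("ir-case-1", "hxxp://update.example[.]net/a.php", "ws-014"),
    ("ir-case-1", "198.51.100.23", "ws-014"),
    ("ir-case-2", "UPDATE.example.net", "ws-102"),
    ("ir-case-2", "0123456789abcdef0123456789abcdef", "ws-102"),
]
# Constructed provider feed: (source, raw indicator), partly defanged.
PROVIDER = [
    ("provider", "update.example[.]net"),
    ("provider", "198.51.100[.]23"),
    ("provider", "203.0.113.77"),
    ("provider", "cdn.example[.]org"),
]
# Constructed proxy log: timestamp, internal host, destination.
PROXY_LOG = [
    "2019-11-04T09:12:01Z ws-014 update.example.net",
    "2019-11-04T09:15:44Z ws-231 cdn.example.org",
    "2019-11-04T09:16:02Z ws-077 intranet.example.com",
    "2019-11-05T14:03:10Z ws-231 203.0.113.77",
]
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}


def normalize(raw):
    """Return (type, value) for a raw indicator, undoing common defanging."""
    value = raw.strip().lower().replace("[.]", ".").replace("(.)", ".")
    value = re.sub(r"^hxxp", "http", value)
    if "://" in value:
        # Reduce URLs to their host so they correlate with domain/IP entries.
        value = urlsplit(value).hostname or value
    if re.fullmatch(r"[0-9a-f]+", value) and len(value) in HASH_TYPES:
        return HASH_TYPES[len(value)], value
    try:
        return "ip", str(ipaddress.ip_address(value))
    except ValueError:
        return "domain", value.rstrip(".")


def fuse(internal, provider):
    """Merge both collections into {indicator: {"sources", "hosts"}}."""
    merged = {}
    for source, raw, host in internal:
        rec = merged.setdefault(normalize(raw), {"sources": set(), "hosts": set()})
        rec["sources"].add(source)
        rec["hosts"].add(host)
    for source, raw in provider:
        rec = merged.setdefault(normalize(raw), {"sources": set(), "hosts": set()})
        rec["sources"].add(source)
    return merged


def triage(merged, provider_name="provider"):
    """Split fused indicators by who has seen them."""
    buckets = {"corroborated": [], "internal_only": [], "hunt_leads": []}
    for ioc in sorted(merged):
        sources = merged[ioc]["sources"]
        seen_inside = bool(sources - {provider_name})
        if seen_inside and provider_name in sources:
            buckets["corroborated"].append(ioc)   # ties our cases to the campaign
        elif seen_inside:
            buckets["internal_only"].append(ioc)  # new: candidate for sharing
        else:
            buckets["hunt_leads"].append(ioc)     # not yet seen: go and look
    return buckets


def hunt(proxy_log, leads):
    """Return {host: [destinations]} for log lines that match a hunt lead."""
    wanted = {value for _type, value in leads}
    hits = {}
    for line in proxy_log:
        _timestamp, host, destination = line.split()[:3]
        value = normalize(destination)[1]
        if value in wanted:
            hits.setdefault(host, []).append(value)
    return hits


if __name__ == "__main__":
    buckets = triage(fuse(INTERNAL, PROVIDER))
    for name, iocs in buckets.items():
        print(name, iocs)
    print("new hosts to investigate:", hunt(PROXY_LOG, buckets["hunt_leads"]))
```

Here the hunt surfaces a host that appears in neither incident response case, which is the "further identification of anomalous behavior" the Analyze row describes.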

Mapping MITRE ATT&CK to Essential 8

Understanding common TTPs can be a useful way of identifying security gaps in your own organization, but it can be hard to translate this to actionable takeaways.

To combat this, we mapped some of the biggest campaigns to the Australian Signals Directorate’s (ASD) “Essential 8”, in which they identified eight mitigation steps that they believe should be inherent for securing any organization – application whitelisting, patching applications, configuring Microsoft Office macros settings to block macros from the Internet, user application hardening, restricting administrative privileges, patching operating systems, utilizing multi-factor authentication, and backing up data daily.

As we outline in the blog, the Essential 8 maps very well to the MITRE ATT&CK framework and prevents many attacker techniques in the middle of the attack lifecycle. The Essential 8 does not make an organization immune to threats, but it increases the costs for adversaries to attack an organization.

Actions and Response for Threat Intelligence

Threat Intelligence should inform a decision, but also some sort of response. For example, you may learn that one of your third-parties has been breached, including some of your employee credentials. In this case, there should clearly be an action to reset the affected credentials.

Alternatively, there may be an actor registering spoof domains as part of a phishing campaign against you and your customers. Again, in this case, the domain in question ought to be taken down.

These are just two examples of the types of approach we’ve observed organizations taking, but there are countless others.

Threat Intelligence and Risk

As we outlined at the start, threat intelligence is different from risk. Risk is comprised of threat, but also other components. Mapping threat intelligence into risk frameworks ensures that you can better inform strategic decision making.

“Risk” takes many forms. It might be Octave, NIST, COBIT, FAIR, or many other types of IT risk management frameworks. These all draw out different ways for identifying assets, identifying vulnerabilities and threats, and identifying and mitigating risks.

At Digital Shadows, we have aligned our assessment of digital risk to FAIR. FAIR (Factor Analysis of Information Risk) is a “taxonomy of the factors that contribute to risk and how they affect each other. It is primarily concerned with establishing accurate probabilities for the frequency and magnitude of data loss events.” As a leading information risk framework, FAIR works because it breaks down a hard-to-measure concept into a set of easier-to-measure concepts.

Our FAIR-aligned risk scoring model is applied to each digital risk in SearchLight, taking into account only the detail that is available at the time of raising the alert. It is recognized that it is not possible to know all influencing factors for every organization and every risk; we do not know what mitigating controls are in place, or the actual financial cost of data within your organization. But by using scenarios, and defining associated loss events for each risk type, the resulting scoring model allows us to provide a benchmark to measure the digital risk of an alert.
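
As an added illustration of how FAIR breaks risk into easier-to-estimate factors (this is not the SearchLight scoring model or Digital Shadows' code), the sketch below simulates annual loss for an exposed-credentials scenario from three analyst estimates: threat event frequency, vulnerability and loss magnitude. The estimate values are constructed, and the triangular distribution and function names are assumptions chosen for simplicity.

```python
import math
import random
import statistics

# Analyst estimates as (minimum, most likely, maximum). Constructed values.
SCENARIO = {
    # Attempts per year to log in with the exposed employee credentials.
    "threat_event_frequency": (2, 6, 12),
    # Probability that one attempt succeeds and becomes a loss event.
    "vulnerability": (0.05, 0.15, 0.40),
    # Cost of one loss event (response, resets, downtime).
    "loss_magnitude": (5_000, 20_000, 150_000),
}


def estimate(rng, low, mode, high):
    """Draw one value from a triangular distribution over the estimate."""
    return low if low == high else rng.triangular(low, high, mode)


def poisson(rng, rate):
    """Knuth's method: number of events in a year for an average rate."""
    limit, count, product = math.exp(-rate), 0, rng.random()
    while product > limit:
        count += 1
        product *= rng.random()
    return count


def simulate(scenario, years=10_000, seed=1):
    """Return one simulated total loss per year.

    Loss event frequency = threat event frequency x vulnerability;
    annual loss = sum of the loss magnitudes of that year's loss events.
    """
    rng = random.Random(seed)
    losses = []
    for _ in range(years):
        tef = estimate(rng, *scenario["threat_event_frequency"])
        vuln = estimate(rng, *scenario["vulnerability"])
        attempts = poisson(rng, tef)
        loss_events = sum(rng.random() < vuln for _ in range(attempts))
        losses.append(sum(estimate(rng, *scenario["loss_magnitude"])
                          for _ in range(loss_events)))
    return losses


def summarise(losses):
    """Figures a decision maker can compare across scenarios."""
    ordered = sorted(losses)
    return {
        "mean": statistics.fmean(ordered),
        "p50": ordered[len(ordered) // 2],
        "p90": ordered[int(len(ordered) * 0.9)],
        "years_with_loss": sum(1 for x in ordered if x > 0) / len(ordered),
    }


if __name__ == "__main__":
    baseline = summarise(simulate(SCENARIO))
    # Same threat, lower vulnerability, e.g. after enforcing MFA (constructed).
    with_control = dict(SCENARIO, vulnerability=(0.01, 0.02, 0.05))
    print("baseline    ", baseline)
    print("with control", summarise(simulate(with_control)))
```

Changing only the vulnerability estimate shows how a control alters the loss figures while the threat itself stays the same.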

5 Ways to Get Started with Threat Intelligence For Free

Getting started with threat intelligence can be tricky and overwhelming. Here are 5 ways for you to get started with threat intelligence for your business right now.

  1. Make use of a range of free threat intelligence tools and free resources, as listed here: https://github.com/hslatman/awesome-threat-intelligence
  2. Read or listen to our weekly threat intelligence summaries. If you don’t have time to keep up with the latest and greatest, let us sum it up for you!
    1. Read it here: https://resources.digitalshadows.com/weekly-intelligence-summary
    2. Listen on your favorite podcast player or find the latest episodes here: https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk.
  3. Register for our free tool: Test Drive. This will give you 7 days access to Digital Shadows’:
    1. Intelligence profiles of threat actors
    2. Latest industry news
    3. Full access to dark web and criminal sources
  4. Read more! Katie Nickels, an industry expert and the ATT&CK Threat Intelligence Lead at MITRE Corporation, produced a great post linking ten excellent blogs on getting started in threat intelligence.
  5. Check out and subscribe to our threat intelligence blog: https://www.digitalshadows.com/blog-and-research/category/threat-intelligence-tradecraft/


Sadly, Marvel’s Black Widow release date was...
A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

May 14, 2020 | 10 Min Read

Q1 2020 was packed full of significant...
Contact Tracing: Can ‘Big Tech’ Come to the Rescue, and at What Cost?

Contact Tracing: Can ‘Big Tech’ Come to the Rescue, and at What Cost?

May 11, 2020 | 13 Min Read

Co-authored by: Pratik Sinha MD PhD1,2, Alastair...
Threat Intelligence Feeds: Why Context is Key

Threat Intelligence Feeds: Why Context is Key

May 7, 2020 | 10 Min Read

Key Takeaways: Choosing which threat...
ShadowTalk Update – Microsoft Teams ATO Vulnerability, APT32, & Uptick In Ransomware

ShadowTalk Update – Microsoft Teams ATO Vulnerability, APT32, & Uptick In Ransomware

May 1, 2020 | 3 Min Read

Jamie, Adam, and Demelza join Viktoria for this...
What ‘The Wire’ can teach us about cybersecurity

What ‘The Wire’ can teach us about cybersecurity

April 21, 2020 | 12 Min Read

In the current era of self-isolation, remote...
ShadowTalk Update – SFO Airport Hack, Fin6, And Sodinokibi Switching From Bitcoin To Monero

ShadowTalk Update – SFO Airport Hack, Fin6, And Sodinokibi Switching From Bitcoin To Monero

April 20, 2020 | 2 Min Read

This week we have new ShadowTalk guest joining us...
Zoom Security and Privacy Issues: Week in Review

Zoom Security and Privacy Issues: Week in Review

April 17, 2020 | 10 Min Read

In the last month, you’ve likely been hearing...
Top Priorities for 3rd party risk assessments

Top Priorities for 3rd party risk assessments

April 16, 2020 | 6 Min Read

If you’re like me, you’re probably tired of...
ShadowTalk Update – COVID-19 Third Party App Risks, Zoom, and DarkHotel Hackers

ShadowTalk Update – COVID-19 Third Party App Risks, Zoom, and DarkHotel Hackers

April 13, 2020 | 3 Min Read

Coming to you from Dallas this week - we have...
COVID-19: Risks of Third-Party Apps

COVID-19: Risks of Third-Party Apps

April 7, 2020 | 7 Min Read

As the global community continues to pursue...
The Digital Risk Underdog: Remediation

The Digital Risk Underdog: Remediation

April 1, 2020 | 4 Min Read

When it comes to evaluating threat intelligence...
COVID-19: Third-party risks to businesses

COVID-19: Third-party risks to businesses

March 31, 2020 | 5 Min Read

As social distancing becomes more prevalent...
ShadowTalk Update – Remote Worker Threat Model And Cybercrime Updates

ShadowTalk Update – Remote Worker Threat Model And Cybercrime Updates

March 30, 2020 | 2 Min Read

This week the team looks at some...
COVID-19: Companies and Verticals At Risk For Cyber Attacks

COVID-19: Companies and Verticals At Risk For Cyber Attacks

March 26, 2020 | 8 Min Read

  In our recent blog, How cybercriminals...
Threat Model of a Remote Worker

Threat Model of a Remote Worker

March 25, 2020 | 7 Min Read

Threat models are an often discussed but...
ShadowTalk Update – Data Breaches, Stalkerware, and Dopplepaymer ransomware

ShadowTalk Update – Data Breaches, Stalkerware, and Dopplepaymer ransomware

March 2, 2020 | 2 Min Read

Coming to you from Dallas this week -...
Mapping MITRE ATT&CK to the Equifax Indictment

Mapping MITRE ATT&CK to the Equifax Indictment

February 24, 2020 | 6 Min Read

  On Monday, February 10th, the United...
The evolving story of the Citrix ADC Vulnerability: Ears to the Ground

The evolving story of the Citrix ADC Vulnerability: Ears to the Ground

February 18, 2020 | 4 Min Read

  The dust hasn’t quite settled on the...
ShadowTalk Update – OurMine Hacks, Equifax Indictment, and SWIFT POC attack

ShadowTalk Update – OurMine Hacks, Equifax Indictment, and SWIFT POC attack

February 17, 2020 | 2 Min Read

Roses are red, violets are blue, here’s...
The Devil, the Details, and the Analysis of Competing Hypothesis

The Devil, the Details, and the Analysis of Competing Hypothesis

February 13, 2020 | 5 Min Read

  Digital Shadows’ Photon Research Team...
ShadowTalk Update – CTI Frameworks, Wawa Breach Updates, APT34, and Coronavirus Phishing Scams

ShadowTalk Update – CTI Frameworks, Wawa Breach Updates, APT34, and Coronavirus Phishing Scams

February 10, 2020 | 3 Min Read

In this week’s episode, Jamie starts by...
The Iowa Caucus: Third-Party Apps Can Be Risky Business

The Iowa Caucus: Third-Party Apps Can Be Risky Business

February 6, 2020 | 7 Min Read

  If you’ve seen HBO’s Silicon...
Red Team Blues: A 10 step security program for Windows Active Directory environments

Red Team Blues: A 10 step security program for Windows Active Directory environments

February 6, 2020 | 9 Min Read

  A fun tweet crossed our path recently,...
How to Operationalize Threat Intelligence: Actionability and Context

How to Operationalize Threat Intelligence: Actionability and Context

February 5, 2020 | 5 Min Read

  In 1988 the idea of a Computer...
ShadowTalk Update – SANS CTI Summit, Snake Ransomware, CacheOut, and Citrix Vuln Update

ShadowTalk Update – SANS CTI Summit, Snake Ransomware, CacheOut, and Citrix Vuln Update

February 3, 2020 | 3 Min Read

Rick Holland jumps in to kick-off this...
Cyber Threat Intelligence Frameworks: 5 Rules for Integrating These Frameworks

Cyber Threat Intelligence Frameworks: 5 Rules for Integrating These Frameworks

January 29, 2020 | 7 Min Read

  As the cyber threat intelligence (CTI)...
SANS Cyber Threat Intelligence Summit 2020: A Recap

SANS Cyber Threat Intelligence Summit 2020: A Recap

January 28, 2020 | 9 Min Read

  Last week I attended the eighth annual...
ShadowTalk Update – NSA Vulnerability Disclosure, Ransomware News, and Iran Updates

ShadowTalk Update – NSA Vulnerability Disclosure, Ransomware News, and Iran Updates

January 20, 2020 | 3 Min Read

Kacey, Charles, Alex, and Harrison host...
Third Party Risk: 4 ways to manage your security ecosystem

Third Party Risk: 4 ways to manage your security ecosystem

January 16, 2020 | 5 Min Read

  The digital economy has multiplied the...
NSA Vulnerability Disclosure: Pros and Cons

NSA Vulnerability Disclosure: Pros and Cons

January 15, 2020 | 5 Min Read

  On Monday, January 13th, Brian Krebs...
CVE-2019-19781: Analyzing the Exploit

CVE-2019-19781: Analyzing the Exploit

January 14, 2020 | 4 Min Read

  On December 17th 2019, CVE-2019-19781...
Iran and the United States – start of the long war or return to normal?

Iran and the United States – start of the long war or return to normal?

January 13, 2020 | 9 Min Read

  On 03 Jan 2020, the United States...
Iranian APT Groups’ Tradecraft Styles: Using Mitre ATT&CK™ and the ASD Essential 8

Iranian APT Groups’ Tradecraft Styles: Using Mitre ATT&CK™ and the ASD Essential 8

January 7, 2020 | 6 Min Read

  With the recent news of Qasem Soleimani...
Iran and Soleimani: Monitoring the Situation

Iran and Soleimani: Monitoring the Situation

January 7, 2020 | 9 Min Read

*This blog has been updated as of Jan 9,...
Iranian Cyber Threats: Practical Advice for Security Professionals

Iranian Cyber Threats: Practical Advice for Security Professionals

January 6, 2020 | 8 Min Read

Unless you went very dark for an extended holiday...
A Threat Intelligence Analyst’s Guide to Today’s Sources of Bias

A Threat Intelligence Analyst’s Guide to Today’s Sources of Bias

December 5, 2019 | 9 Min Read

  In an industry prone to going overboard...
ShadowTalk Update – RIPlace, Trickbot, and Russian-language forum Probiv

ShadowTalk Update – RIPlace, Trickbot, and Russian-language forum Probiv

December 2, 2019 | 3 Min Read

No ShadowTalk podcast episode this week, but...
ShadowTalk Update – Black Friday Deals on the Dark Web, Phineas Fisher Manifesto, and DarkMarket

ShadowTalk Update – Black Friday Deals on the Dark Web, Phineas Fisher Manifesto, and DarkMarket

November 25, 2019 | 3 Min Read

Adam Cook and Viktoria Austin talk through the...
BSidesDFW 2019: OSINT Workshop Recap

BSidesDFW 2019: OSINT Workshop Recap

November 18, 2019 | 5 Min Read

  A few Saturdays ago, we had the...
ShadowTalk Update – BSidesDFW Recap, Dynamic CVV Analysis, and the Facebook Camera Bug

ShadowTalk Update – BSidesDFW Recap, Dynamic CVV Analysis, and the Facebook Camera Bug

November 18, 2019 | 3 Min Read

Dallas is sound effects and all this week with...
Dynamic CVVs: 2FA 2Furious

Dynamic CVVs: 2FA 2Furious

November 12, 2019 | 5 Min Read

  The security community is quick to...
ShadowTalk Update – BlueKeep Attacks, Megacortex Ransomware, and Web.com Breach

ShadowTalk Update – BlueKeep Attacks, Megacortex Ransomware, and Web.com Breach

November 11, 2019 | 3 Min Read

This week the London team looks at the following...
ShadowTalk Update – Avast Breach Attempt, NordVPN Breach, and Wifi Security Risks

ShadowTalk Update – Avast Breach Attempt, NordVPN Breach, and Wifi Security Risks

November 4, 2019 | 4 Min Read

Adam Cook, Philip Doherty, and Viktoria Austin...
Understanding the Different Cybercriminal Platforms: AVCs, Marketplaces, and Forums

Understanding the Different Cybercriminal Platforms: AVCs, Marketplaces, and Forums

October 31, 2019 | 6 Min Read

  With the recent breach that targeted...
Cybercriminal credit card stores: Is Brian out of the club?

Cybercriminal credit card stores: Is Brian out of the club?

October 31, 2019 | 8 Min Read

  If you’re an avid follower of Digital...
Your Cyber Security Career – Press start to begin

Your Cyber Security Career – Press start to begin

October 30, 2019 | 13 Min Read

  October was Cyber Security Awareness...
Australia Cyber Threat Landscape report (H1 2019)

Australia Cyber Threat Landscape report (H1 2019)

October 29, 2019 | 5 Min Read

Depending on where you are in the world, October...
ShadowTalk Update – Avast Breach Attempt, NordVPN Breach, and Wifi Security Risks

ShadowTalk Update – Avast Breach Attempt, NordVPN Breach, and Wifi Security Risks

October 25, 2019 | 3 Min Read

We’ve got all 3 ShadowTalk hosts in Dallas this...
WiFi Security: Dispelling myths of using public networks

WiFi Security: Dispelling myths of using public networks

October 23, 2019 | 9 Min Read

We have all seen many articles, blogs, endless...
Japan Cyber Threat Landscape report (H1 2019)

Japan Cyber Threat Landscape report (H1 2019)

October 22, 2019 | 5 Min Read

Japan: currently the host of the multi-national...
ShadowTalk Update – Typosquatting and the 2020 U.S. Election, Honeypots, And Sudo Vulnerability

ShadowTalk Update – Typosquatting and the 2020 U.S. Election, Honeypots, And Sudo Vulnerability

October 18, 2019 | 3 Min Read

Kacey, Charles, Harrison, and Alex kick off this...
Honeypots: Tracking Attacks Against Misconfigured or Exposed Services

Honeypots: Tracking Attacks Against Misconfigured or Exposed Services

October 17, 2019 | 9 Min Read

Honeypots can be useful tools for gathering...
Typosquatting and the 2020 U.S. Presidential election: Cyberspace as the new political battleground

Typosquatting and the 2020 U.S. Presidential election: Cyberspace as the new political battleground

October 16, 2019 | 15 Min Read

Typosquatting. It’s a phrase most of us know in...
ShadowTalk Update – Iran-linked APT35, Skimming by Magecart 4, Rancour, and Emotet Resurgence

ShadowTalk Update – Iran-linked APT35, Skimming by Magecart 4, Rancour, and Emotet Resurgence

October 11, 2019 | 3 Min Read

We’re back in London this week! Viktoria chats...
ANU Breach Report: Mapping to Mitre ATT&CK Framework

ANU Breach Report: Mapping to Mitre ATT&CK Framework

October 11, 2019 | 14 Min Read

Introduction This week, the Australian National...
Top Threat Intelligence Podcasts to Add to Your Playlist

Top Threat Intelligence Podcasts to Add to Your Playlist

October 3, 2019 | 4 Min Read

Looking for some new threat intelligence podcasts...
Domain Squatting: The Phisher-man’s Friend

Domain Squatting: The Phisher-man’s Friend

October 1, 2019 | 8 Min Read

In the past we have talked about the internal...
ShadowTalk Update – Tortoiseshell Targets IT Providers, the Tyurin Indictment, and Emotet’s Return

ShadowTalk Update – Tortoiseshell Targets IT Providers, the Tyurin Indictment, and Emotet’s Return

September 27, 2019 | 4 Min Read

Viktoria hosts this week’s episode in London...
Singapore Cyber Threat Landscape report (H1 2019)

Singapore Cyber Threat Landscape report (H1 2019)

September 26, 2019 | 7 Min Read

Despite being the second smallest country in...
Mapping the Tyurin Indictment to the Mitre ATT&CK™ framework

Mapping the Tyurin Indictment to the Mitre ATT&CK™ framework

September 25, 2019 | 7 Min Read

Between 2012 to mid-2015, U.S. financial...
Nemty Ransomware: Slow and Steady Wins the Race?

Nemty Ransomware: Slow and Steady Wins the Race?

September 19, 2019 | 3 Min Read

As we outlined recently, ransomware is a key...
NCSC Cyber Threat Trends Report: Analysis of Attacks Across UK Industries

NCSC Cyber Threat Trends Report: Analysis of Attacks Across UK Industries

September 18, 2019 | 7 Min Read

The United Kingdom’s National Cyber Security...
Mapping the NIST Cybersecurity Framework to SearchLight: Eating our own BBQ

Mapping the NIST Cybersecurity Framework to SearchLight: Eating our own BBQ

September 10, 2019 | 2 Min Read

Back in February, I wrote about how we avoid the...
ShadowTalk Update – Ryuk Ransomware, Twitter rids SMS tweets, and Facebook Records Exposed

ShadowTalk Update – Ryuk Ransomware, Twitter rids SMS tweets, and Facebook Records Exposed

September 9, 2019 | 3 Min Read

Alex, Alec, and Harrison are in the room today...
Emotet Returns: How To Track Its Updates

Emotet Returns: How To Track Its Updates

August 26, 2019 | 5 Min Read

What is Emotet? Emotet started life as a banking...
ShadowTalk Update – Texas Ransomware Outbreaks and Phishing Attacks Using Custom 404 pages

ShadowTalk Update – Texas Ransomware Outbreaks and Phishing Attacks Using Custom 404 pages

August 23, 2019 | 3 Min Read

Charles Ragland (a brand new ShadowTalk-er!) and...
The Nouns of Black Hat: People, Places, and Things From Summer Camp 2019

The Nouns of Black Hat: People, Places, and Things From Summer Camp 2019

August 19, 2019 | 6 Min Read

Black Hat and DEFCON are a wrap! Digital Shadows...
Black Hat and DEFCON 2019 – Some of our Favorite Sessions

Black Hat and DEFCON 2019 – Some of our Favorite Sessions

August 19, 2019 | 9 Min Read

The team were fortunate to go to Black Hat and...
Recon Village: Panning for gold

Recon Village: Panning for gold

August 1, 2019 | 7 Min Read

Richard will be presenting ‘Asset Discovery:...
The Account Takeover Kill Chain: A Five Step Analysis

The Account Takeover Kill Chain: A Five Step Analysis

July 30, 2019 | 17 Min Read

It’s no secret that credential exposure is a...
ShadowTalk Update – More BlueKeep updates, FSB contractor hacked, and the Enigma Market

ShadowTalk Update – More BlueKeep updates, FSB contractor hacked, and the Enigma Market

July 29, 2019 | 3 Min Read

Christian and Travis sit down with Harrison to...
Harnessing Exposed Data to Enhance Cyber Intelligence

Harnessing Exposed Data to Enhance Cyber Intelligence

July 11, 2019 | 7 Min Read

  An illicit and lucrative trade has...
ShadowTalk Update – XMRig Cryptocurrency Mining, FIN8 Backdoor, and Attacks Against Office 365

ShadowTalk Update – XMRig Cryptocurrency Mining, FIN8 Backdoor, and Attacks Against Office 365

June 17, 2019 | 3 Min Read

This week Harrison is joined by Travis and Alec...
Managing Infosec Burnout: The Hidden Perpetrator

Managing Infosec Burnout: The Hidden Perpetrator

June 10, 2019 | 8 Min Read

The secret of the burnout epidemic lies in how we...
BlueKeep: Cutting through the hype to prepare your organization

BlueKeep: Cutting through the hype to prepare your organization

May 24, 2019 | 8 Min Read

Over the last week we have all been tuning into...
Mapping Iran’s Rana Institute to MITRE Pre-ATT&CK™ and ATT&CK™

Mapping Iran’s Rana Institute to MITRE Pre-ATT&CK™ and ATT&CK™

May 15, 2019 | 15 Min Read

The internet has been aflame with discussions...
Cyber Talent Gap: How to Do More With Less

Cyber Talent Gap: How to Do More With Less

May 14, 2019 | 5 Min Read

The challenge facing us today is twofold: not...
ShadowTalk Update – 5.06.19

ShadowTalk Update – 5.06.19

May 13, 2019 | 4 Min Read

Kacey and Alex join HVR this week to talk through...
ShadowTalk Update – 5.06.19

ShadowTalk Update – 5.06.19

May 6, 2019 | 3 Min Read

Phil and newcomer Benjamin Newman join Harrison...
ShadowTalk Update – 4.29.19

ShadowTalk Update – 4.29.19

April 29, 2019 | 3 Min Read

Jamie and Alex are back with Harrison this week...
ShadowTalk Update – 4.22.19

ShadowTalk Update – 4.22.19

April 22, 2019 | 3 Min Read

This week the team discusses an unidentified...
ShadowTalk Update – 4.15.19

ShadowTalk Update – 4.15.19

April 15, 2019 | 4 Min Read

Christian and Jamie join Harrison for another...
Reducing your attack surface

Reducing your attack surface

April 9, 2019 | 4 Min Read

What is an attack surface According to OWASP, an...
ShadowTalk Update – 4.8.19

ShadowTalk Update – 4.8.19

April 8, 2019 | 3 Min Read

Jamie, Alex and Zuko sit down with Harrison to...
Predator: Modeling the attacker’s mindset

Predator: Modeling the attacker’s mindset

April 2, 2019 | 6 Min Read

Author: Richard Gold  The phrases...
ShadowTalk Update – 4.1.19

ShadowTalk Update – 4.1.19

March 29, 2019 | 3 Min Read

Christian and Jamie sit down with Harrison to...
ShadowTalk Update – 3.25.19

ShadowTalk Update – 3.25.19

March 25, 2019 | 4 Min Read

Harrison chats with Jamie and Alex this week on...
ShadowTalk Update – 3.18.19

ShadowTalk Update – 3.18.19

March 18, 2019 | 3 Min Read

Harrison sits down with Rose and Christian for a...
ShadowTalk Update – 3.11.19

ShadowTalk Update – 3.11.19

March 11, 2019 | 3 Min Read

This week Jamie and Alex join Harrison to look at...
Purple Teaming with Vectr, Cobalt Strike, and MITRE ATT&CK™

Purple Teaming with Vectr, Cobalt Strike, and MITRE ATT&CK™

March 6, 2019 | 7 Min Read

Authors: Simon Hall, Isidoros...
ShadowTalk Update – 3.04.19

ShadowTalk Update – 3.04.19

March 4, 2019 | 4 Min Read

This week Rose and Phil join Harrison to discuss...
SamSam But Different: MITRE ATT&CK and the SamSam Group Indictment

SamSam But Different: MITRE ATT&CK and the SamSam Group Indictment

February 26, 2019 | 16 Min Read

In our latest research report, A Tale of Epic...
ShadowTalk Update – 2.25.19

ShadowTalk Update – 2.25.19

February 25, 2019 | 4 Min Read

This week, Phil and Alex join Harrison to discuss...
ShadowTalk Update – 2.18.19

ShadowTalk Update – 2.18.19

February 19, 2019 | 3 Min Read

Alex and Jamie matched with Harrison in this...
Introducing Our Practical Guide to Reducing Digital Risk

Introducing Our Practical Guide to Reducing Digital Risk

February 12, 2019 | 5 Min Read

Download a copy of A Practical Guide to Reducing...
ShadowTalk Update – 2.11.19

ShadowTalk Update – 2.11.19

February 8, 2019 | 3 Min Read

Alex and Jamie join Harrison to discuss how the...
Understanding Digital Risk Protection

Understanding Digital Risk Protection

February 8, 2019 | 3 Min Read

There has been a lot of talk recently about...
SANS DFIR Cyber Threat Intelligence Summit 2019 – Extracting More Value from Your CTI Program

SANS DFIR Cyber Threat Intelligence Summit 2019 – Extracting More Value from Your CTI Program

February 5, 2019 | 7 Min Read

We were fortunate to attend the 2019 SANS DFIR...
ShadowTalk Update – 2.4.19

ShadowTalk Update – 2.4.19

February 4, 2019 | 4 Min Read

This week, Alex Guirakhoo and Jamie Collier join...
ShadowTalk Update – 1.28.19

ShadowTalk Update – 1.28.19

January 26, 2019 | 3 Min Read

This week Rose, Jamie, and Alex talk with...
ShadowTalk Update – 1.21.19

ShadowTalk Update – 1.21.19

January 19, 2019 | 3 Min Read

This week, Alex Guirakhoo and Philip Doherty join...
Don’t Just Read Intelligence: Learn From It

Don’t Just Read Intelligence: Learn From It

January 17, 2019 | 5 Min Read

The Importance of Learning in Cyber...
ShadowTalk Update – 1.14.19

ShadowTalk Update – 1.14.19

January 14, 2019 | 3 Min Read

We’ve just released our first Weekly...
Security Analyst Spotlight Series: Phil Doherty

Security Analyst Spotlight Series: Phil Doherty

January 10, 2019 | 5 Min Read

Organizations rely on Digital Shadows to be an...
The Most Popular Security Blog Topics of 2018

The Most Popular Security Blog Topics of 2018

December 18, 2018 | 3 Min Read

It’s been a busy year on the Digital Shadows...
ShadowTalk Update – 17.10.2018

ShadowTalk Update – 17.10.2018

December 17, 2018 | 3 Min Read

Following from our recent research, Tackling...
Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It

Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It

December 12, 2018 | 8 Min Read

Overall, the infosec community has done a...
ShadowTalk Update – 12.10.2018

ShadowTalk Update – 12.10.2018

December 10, 2018 | 3 Min Read

In this week's ShadowTalk, Rick Holland and...
2019 Cyber Security Forecasts: Six Things on the Horizon

2019 Cyber Security Forecasts: Six Things on the Horizon

December 5, 2018 | 9 Min Read

The new year is upon us! 2018 brought us Spectre...
ShadowTalk Update – 12.03.2018

ShadowTalk Update – 12.03.2018

December 3, 2018 | 3 Min Read

Michael Marriott, Dr Richard Gold and Simon Hall...
Threat Actors Use of Cobalt Strike: Why Defense is Offense’s Child

Threat Actors Use of Cobalt Strike: Why Defense is Offense’s Child

November 29, 2018 | 5 Min Read

I’m a big fan of the Cobalt Strike threat...
Mapping the ASD Essential 8 to the Mitre ATT&CK™ framework

Mapping the ASD Essential 8 to the Mitre ATT&CK™ framework

November 27, 2018 | 3 Min Read

Australian Signals Directorate Essential 8 The...
ShadowTalk Update – 11.26.2018

ShadowTalk Update – 11.26.2018

November 26, 2018 | 3 Min Read

With Black Friday kicking off the holiday...
ShadowTalk Update – 11.19.2018

ShadowTalk Update – 11.19.2018

November 19, 2018 | 2 Min Read

Leaked court documents surfaced this week...
A Look Back at the ENISA Cyber Threat Intelligence-EU Workshop 2018

A Look Back at the ENISA Cyber Threat Intelligence-EU Workshop 2018

November 13, 2018 | 5 Min Read

I recently attended the ENISA (European Union...
ShadowTalk Update – 11.12.2018

ShadowTalk Update – 11.12.2018

November 12, 2018 | 2 Min Read

In this week's ShadowTalk, we discuss the big...
Security Analyst Spotlight Series: Adam Cook

Security Analyst Spotlight Series: Adam Cook

November 7, 2018 | 6 Min Read

Organizations rely on our cyber intelligence...
ShadowTalk Update – 11.05.2018

ShadowTalk Update – 11.05.2018

November 5, 2018 | 3 Min Read

In November 2016, Tesco Bank suffered a series of...
ShadowTalk Update – 10.29.2018

ShadowTalk Update – 10.29.2018

October 29, 2018 | 3 Min Read

In this week's ShadowTalk, Harrison Van Riper and...
Cyber Security Awareness Month: Week 4 – Privacy

Cyber Security Awareness Month: Week 4 – Privacy

October 25, 2018 | 6 Min Read

This week in Brussels, Apple’s chief executive...
ShadowTalk Update – 10.22.2018

ShadowTalk Update – 10.22.2018

October 22, 2018 | 3 Min Read

In this week's ShadowTalk, following on from last...
ShadowTalk Update – 10.15.2018

ShadowTalk Update – 10.15.2018

October 15, 2018 | 3 Min Read

In ShadowTalk this week, Digital Shadows' CISO...
ShadowTalk Update – 10.08.2018

ShadowTalk Update – 10.08.2018

October 8, 2018 | 3 Min Read

In this week’s Shadow Talk, Rafael Amado joins...
Security Analyst Spotlight Series: Christian Rencken

Security Analyst Spotlight Series: Christian Rencken

October 2, 2018 | 5 Min Read

Organizations rely on our cyber intelligence...
ShadowTalk Update – 10.01.2018

ShadowTalk Update – 10.01.2018

October 1, 2018 | 3 Min Read

Rick Holland, CISO of Digital Shadows, joins...
ShadowTalk Update – 09.24.2018

ShadowTalk Update – 09.24.2018

September 24, 2018 | 3 Min Read

In ShadowTalk this week, Richard Gold, Simon Hall...
The 2017 FSB indictment and Mitre ATT&CK™

The 2017 FSB indictment and Mitre ATT&CK™

September 20, 2018 | 11 Min Read

On  February 28th, 2017 the US Department of...
Non-traditional State Actors: New Kids on the Block

Non-traditional State Actors: New Kids on the Block

September 18, 2018 | 5 Min Read

Cyber threat reporting sits at a dichotomy. On...
ShadowTalk Update – 09.17.2018

ShadowTalk Update – 09.17.2018

September 17, 2018 | 2 Min Read

In this week’s ShadowTalk, Richard Gold and...
MITRE ATT&CK™ and the North Korean Regime-Backed Programmer

MITRE ATT&CK™ and the North Korean Regime-Backed Programmer

September 13, 2018 | 18 Min Read

On 6th September the US Department of Justice...
ShadowTalk Update – 09.10.2018

ShadowTalk Update – 09.10.2018

September 10, 2018 | 3 Min Read

In this week’s ShadowTalk, Richard Gold and...
ShadowTalk Update – 09.03.2018

ShadowTalk Update – 09.03.2018

September 3, 2018 | 3 Min Read

Not a week goes by without an example where...
Security Analyst Spotlight Series: Heather Farnsworth

Security Analyst Spotlight Series: Heather Farnsworth

August 30, 2018 | 5 Min Read

Organizations rely on Digital Shadows to be an...
Understanding Threat Modelling

Understanding Threat Modelling

August 29, 2018 | 4 Min Read

What is a threat model? Threat modelling, as...
ShadowTalk Update – 08.27.2018

ShadowTalk Update – 08.27.2018

August 27, 2018 | 3 Min Read

With November’s U.S. midterm elections...
Mitre ATT&CK™ and the FIN7 Indictment: Lessons for Organizations

Mitre ATT&CK™ and the FIN7 Indictment: Lessons for Organizations

August 22, 2018 | 12 Min Read

On August 1, 2018, the US Department of Justice...
ShadowTalk Update – 08.20.2018

ShadowTalk Update – 08.20.2018

August 20, 2018 | 3 Min Read

In this week’s ShadowTalk, we dig into ATM...
ShadowTalk Update – 08.13.2018

ShadowTalk Update – 08.13.2018

August 13, 2018 | 3 Min Read

In this week’s ShadowTalk it's all things...
ShadowTalk Update – 08.06.2018

ShadowTalk Update – 08.06.2018

August 6, 2018 | 2 Min Read

In this week’s episode, JP Perez-Etchegoyen,...
ShadowTalk Update – 07.30.2018

ShadowTalk Update – 07.30.2018

July 30, 2018 | 3 Min Read

Richard Gold and Rose Bernard join Michael...
Cyber Threats to ERP Applications: Threat Landscape

Cyber Threats to ERP Applications: Threat Landscape

July 24, 2018 | 4 Min Read

What are ERP Applications? Organizations rely on...
ShadowTalk Update – 07.23.2018

ShadowTalk Update – 07.23.2018

July 23, 2018 | 3 Min Read

In this week's ShadowTalk, we discuss the Robert...
Mitre ATT&CK™ and the Mueller GRU Indictment: Lessons for Organizations

Mitre ATT&CK™ and the Mueller GRU Indictment: Lessons for Organizations

July 17, 2018 | 10 Min Read

A recent indictment revealed how the GRU...

Digital Risk Protection: Avoid Blind Spots with a More Complete Risk Picture

July 17, 2018 | 5 Min Read

“Digital Shadows leads the pack for digital...
ShadowTalk Update – 07.16.2018

ShadowTalk Update – 07.16.2018

July 16, 2018 | 2 Min Read

In this week's ShadowTalk, Digital Shadows’...
ShadowTalk Update – 07.09.2018

ShadowTalk Update – 07.09.2018

July 9, 2018 | 3 Min Read

In this week’s ShadowTalk, Richard Gold and...
Reducing Your Attack Surface: From a Firehose to a Straw

Reducing Your Attack Surface: From a Firehose to a Straw

July 5, 2018 | 6 Min Read

What is Attack Surface Reduction? Attack Surface...
ShadowTalk Update – 07.02.2018

ShadowTalk Update – 07.02.2018

July 2, 2018 | 3 Min Read

In this week's ShadowTalk, following news that a...
ShadowTalk Update – 06.25.2018

ShadowTalk Update – 06.25.2018

June 25, 2018 | 3 Min Read

In this week’s ShadowTalk, Simon Hall and...
ShadowTalk Update – 06.18.2018

ShadowTalk Update – 06.18.2018

June 18, 2018 | 3 Min Read

In ShadowTalk this week, Dr Richard Gold and...
Shadow Talk Update – 06.11.2018

Shadow Talk Update – 06.11.2018

June 11, 2018 | 3 Min Read

In Shadow Talk this week, Dr Richard Gold joins...
Shadow Talk Update – 06.04.2018
