Must Collect IOCs... Now What?! - Threat Hunting Summit 2016

SANS Digital Forensics and Incident Response
Indicators of Compromise (IOCs) are hot commodities nowadays. Most of us have a metric ton of IOCs from a plethora of sources, but what do we do with them? After struggling to drink from the IOC firehose, we developed Overlord, an open source project designed to provide automated searching and alerting on IOCs in a scalable and robust manner, to help us stay on top of the influx. In this talk, Phillips will examine how to utilize the Overlord Project to bridge the gap between IOC repositories and searching infrastructure. After getting a fresh IOC, besides the usual vetting, we would like to know whether this IOC appears in our environment, ideally on an ongoing basis. Overlord allows us to achieve this by allowing each of its primary components to be modified or completely rewritten for each use case, while still remaining easy to use.

William M. Phillips IV, Salesforce

William Phillips is a recent graduate of Brown University and currently a Security Researcher for the Salesforce Threat Intelligence team where one of his projects is Overlord. Areas of interest include OS X forensics, iOS security, and Network Forensics.
