October 30–31, 2016: Training
October 31–November 2, 2016: Tutorials & Conference
New York, NY

Hello to the dark side: Understanding your adversaries without all those expensive threat intel tools

' grecs (NovaInfosec Consulting)
4:45pm–5:25pm Wednesday, 11/02/2016
Security in context (security datasci)
Location: Trianon Ballroom Level: Intermediate

Prerequisite knowledge

  • Some experience working in defending an operational environment (e.g., in a SOC)

What you'll learn

  • Discover the benefits of creating your own intel
  • Learn how to easily bootstrap and grow a threat intel program


In the aftermath of the fall of Evernote as an inexpensive threat intel platform, free and low-cost solutions have emerged from the dismantled remains to give hope to defenders everywhere. S. Grec (grecs) continues his threat intel series, covering lessons learned from his Evernote experiment before pivoting toward improved data structures and newly discovered enterprise-friendly intel platforms to support them. And fresh off restrictions from previous employment, grecs discusses the process for bootstrapping and maturing your own threat intel program and describes a step-by-step framework for generating your own actionable intelligence to ease identification of advanced threats. As part of this fun Star Wars-themed talk, grecs demos a VM with several tools integrated to get you started.

Photo of ' grecs

' grecs

NovaInfosec Consulting

grecs has two decades of industry experience and holds undergraduate and graduate engineering degrees, as well as a really well-known security certification. Despite his formal training, grecs has always been more of a CS person at heart, going back to his VIC-20, Commodore 64, and high school computer club days. After doing the IT grind for five years, he discovered his love of infosec and has been pursuing this career ever since. Currently, he spends his days as a senior cyber intelligence analyst enhancing customer defenses through advanced analysis, customized training, and engineering improvements. In his free time, grecs is an international speaker and blogger, covering a range of topics, including incident response, malware analysis, and threat intelligence.