Valentina Palacin - Practical Threat Intelligence and Data-Driven Threat Hunting

A hands-on guide to threat hunting with the ATT&CK Framework and open source tools

Valentina Palacn

BIRMINGHAMMUMBAI

Copyright 2021 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author(s), nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Wilson D'souza

Publishing Product Manager: Vijin Boricha

Senior Editor: Shazeen Iqbal

Content Development Editor: Ronn Kurien

Technical Editor: Sarvesh Jaywant

Copy Editor: Safis Editing

Project Coordinator: Neil Dmello

Proofreader: Safis Editing

Indexer: Tejal Daruwale Soni

Production Designer: Shankar Kalbhor

First published: February 2021

Production reference: 1110121

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-83855-637-2

www.packt.com

Packt.com

Subscribe to our online digital library for full access to over 7,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.

• Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals
• Improve your learning with Skill Plans built especially for you
• Get a free eBook or video every month
• Fully searchable for easy access to vital information
• Copy and paste, print, and bookmark content

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at customercare@packtpub.com for more details.

At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.

Valentina Palacn is a cyber threat intelligence analyst who specializes in tracking Advanced Persistent Threats (APTs) worldwide, using the MITRE ATT&CK Framework to analyze their tools, tactics, techniques, and procedures (TTPs). She is a self-taught developer and threat hunter with a degree in translation and interpretation from the Universidad de Mlaga (UMA) and a cyber security diploma from Argentina's Universidad Tecnolgica Nacional (UTN). Valentina also is one of the founders of the BlueSpace community (BlueSpaceSec) and one of the core members of Open Threat Research, founded by Roberto Rodriguez (OTR_Community).

The writing of this book has been fun but also a major challenge for me. Firstly, I couldn't have done it without the love and support of my mum, Clara. Secondly, I'm obliged to thank and mention my dearest friends, Ruth Barbacil and Justin Cassidy. Ruth, co-owner of the lab used for the writing of the book, always pushes me forward when I'm stuck, and Justin always let me pick his brain for either grammar or tech reviews. I wouldn't have reached the final page without your encouragement!

I cannot let this be published without a big shoutout to Roberto and Jose Rodriguez, who not only have made available to the community many of the tools reviewed in this book but have also inspired and supported my way into threat hunting.

Finally, I dedicate this book to my beloved grandma, who helped me make sense of life until the end.

Tuncay Arslan has been working in the IT sector since 2005 and is an experienced cyber security architect with the ability to manage IT security infrastructures for large enterprises and work with CERT, CSIRT, and SOC teams. His responsibilities are designing and managing security information event management products and security operation center infrastructures. He has experience with incident response and threat-hunting operations.

Murat Ogul is a seasoned information security professional with two decades of experience in offensive and defensive security. His domain expertise is mainly in threat hunting, penetration testing, network security, web application security, incident response, and threat intelligence. He holds a master's degree in electrical-electronic engineering and several industry-recognized certifications, such as OSCP, CISSP, GWAPT, GCFA, and CEH. He is a big fan of open source projects and the open source community. He likes contributing to the security community by volunteering at security events and reviewing technical books.

To my wife and daughters, thank you for your love and support, and for always being there for me. I greatly appreciate and love you all.

I'd also like to thank Packt Publishing for the opportunity to review this wonderful book.

If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.