Kyle Wilhoit - Operationalizing Threat Intelligence: A guide to developing and operationalizing cyber threat intelligence programs

A guide to developing and operationalizing cyber threat intelligence programs

Kyle Wilhoit

Joseph Opacki

BIRMINGHAMMUMBAI

Copyright 2022 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Vijin Boricha

Publishing Product Manager: Mohd Riyan Khan

Senior Editor: Tanya D'cruz

Content Development Editor: Nihar Kapadia

Technical Editor: Shruthi Shetty

Copy Editor: Safis Editing

Project Coordinator: Ajesh Devavaram

Proofreader: Safis Editing

Indexer: Subalakshmi Govindhan

Production Designer: Prashant Ghare

Marketing Coordinators: Sourodeep Sinha and Hemangi Lotlikar

First published: June 2022

Production reference: 1090522

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80181-468-3

www.packt.com

For Stella, who was the best brown dog anyone could have.

Kyle Wilhoit

For my love, who has provided me with purpose in our life journey together, and for my daughter, who inspires me to leave the world a better place.

Joseph Opacki

Kyle Wilhoit is cybersecurity and cyber threat intelligence professional with wide experience ranging from security architecture to threat analysis. Kyle is specialized in threat intelligence collection and analysis, with a specific focus on nation-state actor groups.

Kyle earned his graduate and undergraduate degrees from Lindenwood University, in St. Charles, Missouri. His work history includes being a threat researcher and leader throughout Silicon Valley, including companies such as DomainTools, Trend Micro, FireEye, and others. Kyle has been an active member on the Blackhat US board since 2016 and has spoken at over 40 conferences across the globe and published over 30 blogs or whitepapers on original research he has performed. Kyle is also the coauthor of Hacking Exposed: Industrial Control Systems: ICS and SCADA Security Secrets and Solutions.

Kyle currently resides in St. Louis, Missouri with his wife and kids.

This book would not have been possible without my wife, who somehow managed to fully support me during the writing of a book on a subject matter she knows or cares nothing about. Also, thank you Mom and Dad, who forever fed my curiosity about computers, even at the age of 12. Finally, I'd like to thank my Brazilian Jiu-Jitsu coach, Dave Greenlee, who continually proves that the fundamentals of good jiu-jitsu are also the fundamentals of good character.

Joseph Opacki is a United States Marine Corps (USMC) veteran and career cybersecurity professional with a specialization in malware reverse engineering, computer intrusion investigation, security research, and threat intelligence. He received his undergraduate degree from George Mason University and his graduate degree from the Virginia Polytechnic Institute and State University. He has been active in academia working as an Adjunct Professor for over a decade in the Master of Digital Forensics program at George Mason University. Before his retirement from public service, Joseph was a malware reverse engineering Subject Matter Expert (SME) at the Federal Bureau of Investigation.

This book would not be possible without my wife. She is the person that consistently challenges me to do more and not settle for the status quo. She has always fully supported any of my life's endeavors and never turned her nose up at anything I ever wanted to accomplish, rather providing all the motivation and support I needed to be successful. Thank you to all the colleagues in my career that have taught me and motivated me. You are appreciated!

Kunal Sehgal has been a cyber-evangelist for over 15 years and is an untiring advocate of Cyber Threat Intelligence sharing. He encourages cyber-defenders to work together by maintaining a strong level of camaraderie across public and private organizations, spanning sectorial and geographical barriers. He is not only actively connected with various communities in Asia but also regularly shares credible intelligence with various law enforcement agencies around the world. These efforts have helped organizations proactively defend themselves against cyber threats and have collectively helped sectors become more resilient.

In his professional capacity, Kunal has worked on setting up two Information Sharing and Analysis Centers in Singapore, to serve the APAC region. He has also worked with all major national CERTs, regulators, and other government bodies in Asia, to strengthen intelligence networks for combatting cybercrime. In 2018, Kunal was part of a global working group, chaired by the Global Forum on Cyber Expertise (GFCE), to make policy-related recommendations to a panel of 90+ member countries.

Kunal invests his non-working hours researching, blogging, and presenting at cyber-events across Asia. He has earned 17 certifications/degrees and has coauthored two whitepapers in the cyber realm.

Dedicated to S.M.

Anthony DESVERNOIS is an IT security professional with more than 10 years of experience in the banking industry. He has worked in many fields within IT across Europe, Asia-Pacific, and the Americas, as an individual contributor and as a manager.

Anthony has been passionate about computer science, and especially IT security, from a young age, on both functional and technical sides.

Anthony holds a Master of Science in systems, network, and security and a master's in business administration.