Threat Intelligence and Why It’s Important
Threat intelligence is the study and research of who may be attacking you, what their motivations and capabilities are, and which indicators of compromise to look for in your systems, so that you can make informed decisions about your security. A skilled threat intelligence researcher should be able to strip out extraneous information and false alarms and focus only on the actionable intelligence that directly affects her interests.
Dancho told us that “Threat Intelligence has been an inseparable part of my career and it’s something that I do and practice on a daily basis. My earliest experience with Threat Intelligence is as a Technical Collector of trojan horses/viruses/worms and VBS scripts for LockDownCorp throughout the ’90s, which in combination with my experience in OSINT led me to produce some of the industry’s most recognized research articles. I’m also researching Eastern European cybercriminals as well as international and global spam, phishing and malware campaigns and information on the actors behind them.”
Threat intelligence and OSINT are the research and analysis of only public data. LinuxSecurity was curious whether Dancho had ever been a blackhat hacker. “In my entire teenage ex-hacker enthusiast experience I've only compromised one Website, which was my town's official Website,” writes Dancho. He managed to obtain the accounting data for the site by socially engineering tripod.com, at the time, into going through the System Administrator's ICQ profile. His purpose in gaining access to the site was to change the homepage to spread a message, say "hi" and greet local friends.