Cyber Attribution: The Process of Identifying the Adversary
Cyber attribution is the analytical process of identifying the individual, group, or nation-state responsible for a specific cyber intrusion or campaign. Unlike identifying technic...
Your comprehensive reference for cyber threat intelligence terminology. Explore definitions of malware families, APT groups, attack techniques, and security concepts.
Showing 7 entries in Defense & Detection
Deception Technology involves deploying decoys (traps) within a network to trick adversaries into revealing their presence. These decoys—known as Honeypots—mimic legitimate assets ...
CTI for Industrial Control Systems (ICS) and OT. Understand the Purdue Model, specialized protocols (Modbus, DNP3), and threats targeting critical infrastructure.
Move beyond IP addresses. Learn how to track threat actors using SSL/TLS fingerprinting techniques like JA3, JA3S, and JARM to identify C2 servers.
Living off the Land (LotL) is a stealth technique where cyber adversaries use legitimate, pre-installed system tools to conduct malicious activities. Instead of introducing custom ...
Don't just run malware; dissect it. Learn the basics of static analysis to extract C2 configurations and encryption keys from malware binaries.
Passive DNS (PDNS) is a database of historical DNS resolution data. While standard DNS tells you "Where does this domain point now?", Passive DNS tells you "Where did this domain p...