The ever changing world of digital threats is relentless and immature at this point. I believe it will take many years to develop reliable automated infrastructure that moves fast enough to really get in front of cybersecurity threats in real-time. Until that emergence of advantage comes along we have to look at observed threats and validate each and every one of the file hashes and/or infected files then we have to build alerts and then react to those alerts. The automation is within the data acquisition and ingestion phase. Finding these needles in the proverbial haystack seems to be the biggest challenge that cybersecurity professionals have at this point. 

I am compiling a list of commonly known reference materials and sites that every cyber security professional should have in their 'toolkit' of gadgets. These are data sources and cross-reference materials that can be used to validate assumed threats. The challenge today is to recategorize objects from the assumed threat to the validated threats. Once that is done we can scan for activity and objects, compare them against known valid indicators of compromise (IOC), and then react appropriately.

Disclaimer...

I understand that almost all of what cyber security professionals are doing is highly sensitive and should be considered secret. There is nothing here that is sensitive or proprietary. This is all public information. I MIGHT open up a comments section on here. Often times there is a lot of garbage bot driven comments in these discussion boards. We'll see how it goes. this is a pretty low profile website, so hopefully it's far under the radar of most garbage.

 

Data sources

https://isc.sans.edu

https://www.cisa.gov/ransomware

https://lists.vmware.com/mailman/listinfo/security-announce

https://www.microsoft.com/en-us/msrc/technical-security-notifications

https://awesomeopensource.com/projects/threat-intelligence

https://www.dan.me.uk

 

Reference Materials

 

 

Research links