FIRST
FIRST is the premier organization and recognized global leader in incident response. Membership in FIRST enables incident response teams to respond more effectively to security incidents, reactively as well as proactively.
FIRST brings together a variety of computer security incident response teams from government, commercial, and educational organizations. FIRST aims to foster cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large.
Firmware Supply Chain Security BoF
55:38
1 month ago
SBOMs - The Missing Link
57:27
1 month ago
Welcome Remarks
11:13
1 month ago
Day 2: Wrap Up & Lessons Learned
22:03
1 month ago
Comments
@AlgoNudger 6 days ago
Thanks.
@guc9ugjvobovov526 1 month ago
🎉
@lorenzoprincipi5078 1 month ago
Thank you very much but: improve audio, improve organization and slide order, split slides, add more text. You repeat the same things ten times in ten different slides among both part 1 and part 2. For who doesn't know what MISP is about it is impossible to understand at the first listening, it is very confusing, and the disorganization of the talk is reflected on the speakers too. This is a very important topic which needs to be well explained, but the effort to understand MISP with this webinar is very high. Thank you again for your time and your work, but you are not explaining very easily what MISP is, and that should be done.
@Chatgpt-wc6vo 1 month ago
Informative session!
@sampleoffers1978 1 month ago
I just read a celebrity accused of indulging in it. If it's prevalent enough it's real financial factor in illicit economy, it's real societal reckoning,
@jorgeandino6553 4 months ago
Is American society aware of this existential threat? Wake up, free world! Who said: It would be so nice to be close friends with Russia??? (Make Russia great again)
@asanovicsimo 4 months ago
great!
@ma34529 4 months ago
Great video and walkthrough of a cloud attack, presentations like this are rare. 10/10
@bharanichary5241 4 months ago
Good Info
@horaceward1657 6 months ago
The accountant most likely was not authorized to work/travel to the country he was located by the company.
@GuyThompsonFWTX 6 months ago
Not likely, but what would’ve prevented this would’ve been deployment of VPN to access the network which requires an RSA token unique to only the user, as well as MFA.
@mohsenjebelli155 6 months ago
great information
@stephenlawson9593 7 months ago
'PromoSM' 😝
@DaryllGomas 7 months ago
Thanks!
@Beautyofthechosen 9 months ago
Thank You
@neilbaal6758 10 months ago
Good content, thanks!
@allanguwatudde7623 10 months ago
Everything is open source if you know how to reverse engineer
@aaroncarlo9846 10 months ago
Thank you for this wonderful and very informative video! As I was exploring MITRE ATT&CK, I noticed that Data Source is no longer available on the right side.
@sublimealchemy2951 10 months ago
Awesome
@ArmendHawary-ny7up 11 months ago
I want to know what the real secret please advise
@ytg6663 11 months ago
But an ELF file doesn't execute without chmod permission ... Then how did it get to run???
@pipi_delina 1 year ago
10 months and no comment
@andreferreira4735 1 year ago
Believe it or not, I got here from the slide deck I had saved while tidying up my env! Really enjoyed re-watching.
@xeroxcopy8183 1 year ago
a whole ass 30 minutes of shit always explain nothing
@LeonSheeter 1 year ago
These gentlemen are helping something. Explaining this & showing these slides are making a difference & helping to combat against bad people. Those guys are good people.
@theforgottenson0916 1 year ago
I wonder if you have any revisions now that the Twitter files explained how the left within government and social media garnered control of the tools to a greater extent than any "Russian Bots"
@djseodksow9765 1 year ago
Hi, thanks for this beautiful tutorial. The login information at 1:47:52 is not correct. Would be great if you can share it again
@polonia66 1 year ago
6:21
@polonia66 1 year ago
thanks
@polonia66 1 year ago
done1
@josephleonardomolinaarreol2625
Thanks courses
@MyLife-uc5wy 1 year ago
Thank you!
@commantrosexetlos4700 1 year ago
Wtf my ip is shadowban by you? Saving lives BS are to hide your shadow business.. There are ways to complain that you will Not like.. Unblocked it Today
@petergitzlaff3737 1 year ago
yeah guys ehhhhh reallly ehhhh need to ehhhhh redo the ehhhh audio ehhhhh and trim this up possibly ehhhhhhh. too many ehhhhhhs as welll ehhhhhhh
@arsalananwar8265 1 year ago
Very informative and educational, especially for people who are looking forward to a Cyber Threat Intelligence Analyst job
@arsalananwar8265 1 year ago
This will help a lot of folks! Great explanation, keep making more and more videos.
@tanakritboonruxsa2154 1 year ago
How to push an event from the main instance MISP to the child instance
@josephleonardomolinaarreol2625
super
@rve_itsystems 1 year ago
Excellent
@artocain 1 year ago
Great talk!
@andrewturner5750 1 year ago
ᎮᏒᎧᎷᎧᏕᎷ 💯
@hansmuster5291 1 year ago
"we don't see much of heavy obfuscation" probably because you can't detect it ;)
@danielrodriguezrodriguez415
Great presentation, thanks for sharing :) I started to use the attack-flow-builder and it is amazing to explain risk scenarios to my colleagues
@allworld1357 1 year ago
This was very informative. Thank you.
@r1ckydj 1 year ago
Can I add a default incident manager per incident type?
@dickbrooks3115 1 year ago
What advice would you offer a software vendor when to issue a CSAF "Security Advisory" (profile 4) versus a CSAF VEX (profile 5) artifact? Should a vendor issue both to their customers?
@jayanthkumar7964 1 year ago
I'm sorry but the audio is really terrible.
@superfish4603 1 year ago
I am concerned by 2 things: - The late disclosure to authorities (you detected the attack on 25/12 and reported it on 05/01 if your slides are correct). - You admit to have undertaken criminal activity (the counter-attack) and even suggest to hide your tracks.
@danieloliveiradelima992 1 year ago
Responding to your concerns; 1- As a service provider I have no commitment to local authorities, only to my customers, even so, Responsible Disclosure was done as soon as we got evidence that personified the attack and we immediately reported the authorities and brands that were not our customers without any gain from it, just out of liability. 2 - Beware of your claims, describing the defense of a security incident as "Counter-Attack" was a way to make the story more exciting, what was done there was legitimate defense and investigation into the incident, the attacker's credentials were in our error logs I didn't have to attack to get them, so it's not my fault the attacker is stupid and leaves his tracks showing. You can still talk to my lawyer if you identify yourself, he can clear things up for you! 3 - Thank you for having attended the lecture and for the points raised here, I could have done this from your own profile and not created one just for that, which shows that 1 of us 2 doesn't want to show his face, after all it was me who I proposed to leave my country and share knowledge with the community, taking 16 hours of flight, speaking in a language that is not my native language and being willing to help even if some people are not worth the effort.
@superfish4603 1 year ago
Dear Daniel, Your attitude is really concerning to say the least. 1) As a service provider you have the same commitments (I'd prefer the word obligation anyways) to authorities as any other citizen. Disclosure of such an incident in such a sensitive field of business (we are talking finance here) over 10 days late is not the right thing to do. 2) You are a defender that detected a breach within your customer's perimeter. Your role as a defender is to secure evidence within that perimeter and undertake or suggest counter-measures to prevent such breaches in the future. Your role is not to investigate and take any action outside of that perimeter. That is up to law enforcement, hence the importance of a timely disclosure which you openly admit to have neglected. If you detect a burglary on your or a customer's premises, you don't go after the thieves' house to collect evidence or even cause them any damage. You notify the incident to the police and you are free to take any measure within your premises, but not outside. 3) I am not a content creator on RU-vid, thus you do not find any information about who I am or what I do on my RU-vid profile. I don't see how that is of any importance? Will you respond differently to my concerns depending on who I am? You are free to make of my feedback whatever you wish, including ignoring it or convincing yourself you do nothing bad, but I don't see how knowing who I am makes any difference. English is not my native English either and if I was taking a 16 hours flight I would make damn sure I am not presenting anything illegal to a public audience, but I guess that is up to personal preferences!
@danieloliveiradelima992 1 year ago
@superfish4603 Your comments demonstrate your intent. But I don't usually hide and I have no problem responding to your insults. 1 - Since when do you define my team's SLA? I must have forgotten about it at some point and I'm not remembering. So it's just hate your statement that we took too long to report the incident, maybe you didn't read my answer above saying that immediately after identifying the attackers the case was reported to the authorities. 2 - The obligations of a contract are laid out in the contract and not what you think we should or shouldn't do, again it is noticed that you are stepping out of a logical line of argument and proving to be a Hater! Nothing was neglected, on the contrary, responsible disclosure was made to the authorities in time. 3 - You are really right in that statement, I don't give a damn who you are and I wouldn't treat you differently regardless if you were the president of a country, you can see your intention in the first comments, you are definitely a Hater who is jealous of the work of others and therefore should be treated as one. The only advantage I would have with your identification is a lawsuit over your false accusations, but that can still be requested from YouTube that allows people like you to come to someone else's content and talk a lot of nonsense. 4 - What is inside or outside the law is not for you to define, if you have any accusation to be made, you should identify yourself and deal with it in a legal sphere, maybe that's why you don't identify yourself, as it would certainly be triggered by my lawyers by account of his childish accusations. Again, it's years of work and study, which in no way will be compromised by your hateful comments. I suggest you go do something constructive in your life and help your community, you'll use your time better.
@saundrablakeslee3620 1 year ago
p͓̽r͓̽o͓̽m͓̽o͓̽s͓̽m͓̽ 👏
@ozilmatrix6334 1 year ago
Excellent work again by Olaf.