State of the Hack: ABCs of IOC

Presented as a webinar on April 15, 2010.

In this month’s State of the Hack webinar series, MANDIANT’s Nick Harbour, Principal Consultant at MANDIANT and David Ross, Technical Director at MANDIANT discussed Indicators of Compromise (IOC) from the ground up. Participants learned what they are, how they can assist security experts in the field, and how to build effective IOCs in order to detect threats throughout the enterprise. .

Attendees were shown:

 
• What IOCs are and how they can be used to detect threats
 
• How crime was solved before and after IOCs
 
• Case studies richly modeled with the IOC format and;
 
• Tips and Tricks for using IOCs in the real world

In the webinar, we referred to several resources:

 
• MANDIANT IOCe is a free editor for Indicators of Compromise (IOCs). IOCs are XML documents that help incident responders capture diverse information about threats including attributes of malicious files, characteristics of registry changes, artifacts in memory, and so on.
 
• MANDIANT Intelligent Response is the industry’s first enterprise-grade incident response solution. It makes incident responders faster, less disruptive and less expensive — and makes your investigations more comprehensive and accurate.
 
• Our blog, M-unition, contains information from our consulting and research operations. We welcome feedback and comment.
 
• Follow us on Twitter, www.twitter.com/mandiant, and keep up to date on our consultants take on what’s going on in the industry.
 
• We offer a number of free tools for incident responders and malware analysts in the Software section of our website.

About the speakers

David Ross is a Technical Director within the Threat Management Services at MANDIANT.  He has over 12 years of experience in a variety of high-end technical fields, ranging from satellite communications systems and network administration to computer forensics and software development. Mr. Ross holds a current Top Secret government security clearance.

Nick Harbour is a Principal Consultant with MANDIANT and is a well-known innovator in the field of computer security with over nine years experience in reverse engineering, computer forensics, network monitoring and software development. He is a recognized expert in the field of malware and currently focuses on malware analysis and research at MANDIANT.  Mr. Harbour is one of the authors of the malware detection tool MANDIANT Red Curtain..