Loading…
FloCon 2018 has ended
Tucson, AZ – January 8-11, 2018

PLEASE NOTE THAT THE CURRENT SCHEDULE IS TENTATIVE. CHANGES TO THE SCHEDULE BELOW MAY OCCUR

Watch this space for details on the technical program for FloCon 2018. In the meantime, see the FloCon website at www.cert.org/flocon.
Back To Schedule
Wednesday, January 10 • 2:30pm - 3:00pm
Tactical Threat Map: Methodology for Tracking and Documenting Cyber Campaigns

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

The Tactical Threat Map (TTM) is a collective behavioral profile of Determined Human Actors (DHA) and their associated cyber campaigns. It is an analytical and reporting methodology developed by analysts on the NCCIC (National Cybersecurity & Communications Integration Center) HIRT (Hunt & Incident Response Team) to support the tracking and documentation of campaigns that stretch across multiple disparate locations. The desired outcome was to centralize and consolidate large quantities of forensic data (host and network based) from these disparate sites that were collected during onsite incident response engagements. The fundamental concepts that encompass the TTM are the ability to preserve context around Indicators of Compromise (IOCs), the capacity to map complex intrusion sets and their behavioral TTPs, and the capability to visualize incident response data that is meaningful to both analysts and leadership alike.


Speakers
avatar for Casey Kahsen

Casey Kahsen

Northrop Grumman
Casey has over 8 years of experience in digital forensics and cyber operations. He has been supporting the Department of Homeland Security with Northrop Grumman for over three years. During this time he has supported projects including cyber hygiene and threat reporting, automated... Read More →


Wednesday January 10, 2018 2:30pm - 3:00pm MST
Presidio III, IV, V

Attendees (5)