Episode 5: Andrew Morris
Andrew Morris joins us to talk about smuggling submarines, scanning the internet, threat intelligence, and more!
Episode Guide:
1:30 - Introduction
5:26 - History of the Development of Get-InjectedThread
22:05 - Who is Andrew Morris?
26:45 - What is GreyNoise Intelligence?
33:20 - Understanding the analysis burden of an alert
36:55 - Scoping detection goals
47:40 - The danger of prematurely filtering telemetry
53:33 - Approaching detections considering False Positives AND False Negatives
57:50 - Managing telemetry storage ("disk" vs. "memory")
1:05:05 - How survivorship bias might affect our perspective of attacks/attackers
1:13:45 - Is knowledge a burden in detection and response?