hack.lu 2023

Yeti is an opensource platform dedicated to the curation and management of operational threat intelligence,
geared towards incident responders and forensic practitioners. It's written in Python and maintained since ~2017.

It consists of several modules:

• a graph database & search engine
• a threat feed ingestion engine
• a data enrichment module (e.g. sandbox information, domain resolution, IOC extraction...)
• Signature management (YARA, Sigma, etc.)
• High-level entity management (Threat actors, TTPs, Campaigns) to tie everything together in a neat graph database.

Yeti has existed since 2017, and is used both in industry and academia, and has
recently been undergoing several big changes, which we would like to present at
CTI-Summit 2023:

This workshop will showcase a suite of free and open source tools to leverage
threat intelligence in DFIR investigations. Participants will be setting up a
full forensics pipeline, including collection (GRR), processing
(Plaso) and analysis (Timesketch), and orchestration
(dfTimewolf). In addition to that, they'll be using Yeti to augment
their processing and analysis with threat intelligence.

Thw workshop will last two hours and is open for anyone to attend. Experience
installing packages on Linux and using the Linux CLI in general is required.
Experience running and managing Docker containers would be a nice addition.

Participants will be given an initial list of Docker containers to pull and set
up before the workshop

[UPDATE] Here's the list! https://docs.google.com/document/d/1TKqOleH2rdtPjybUt3PYybJ7RrH59kqaHnmywJhRPGk/preview

[UPDATE2] Here's the slides with the links to everything: https://docs.google.com/presentation/d/1_IIhazlZF4Nxa_fn4YJ0SieFPJGzP91OwuAO4LIUWOg/edit#slide=id.g24fcb0d3240_0_70