hack.lu

Yeti - old dog, new tricks
10-17, 17:55–18:25 (Europe/Luxembourg), Salle Europe

Yeti is an opensource platform dedicated to the curation and management of operational threat intelligence,
geared towards incident responders and forensic practitioners. It's written in Python and maintained since ~2017.

It consists of several modules:

  • a graph database & search engine
  • a threat feed ingestion engine
  • a data enrichment module (e.g. sandbox information, domain resolution, IOC extraction...)
  • Signature management (YARA, Sigma, etc.)
  • High-level entity management (Threat actors, TTPs, Campaigns) to tie everything together in a neat graph database.

Yeti has existed since 2017, and is used both in industry and academia, and has
recently been undergoing several big changes, which we would like to present at
CTI-Summit 2023:


We are going to tell the story of Yeti, why it was created, where it's now, and about all the friends we made along the way.

Besides the new DFIR twist we want to give Yeti, we'll highlight some of the major changes in the codebase:
- Total revamp of the Web UI using VueJS.
- Backend migration to ArangoDB (graph database)
- Code health: Python typing, e2e tests, making development faster and more
reliable, and making community contributions much easier.
- Production and development Docker images
- Integration with third-party OSS tools such as Timesketch and Turbinia.

See also: paper (179.5 KB)

Thomas has been a DFIR practitioner for 10+ years. He's currently a Security Engineer in the DFIR team at Google who loves running towards the proverbial cyber fires. He enjoys detective work and poking malware with a long stick, and has given talks about DFIR, malware analysis, and threat intelligence at many conferences throughout Europe and the US

This speaker also appears in:

A lecturer and researcher at ESIEA and an independent consultant in Threat Intelligence, he contributes to numerous open source projects such as MISP and Yeti. He is also the author of numerous articles, an international speaker and lecturer on malware analysis, digital forensics and Cyber Threat Intelligence at ESIEA, and co-author of the book "Cybersécurité et Malwares
Détection, analyse et Threat Intelligence (4e édition)".

This speaker also appears in: