hack.lu 2023

Turbocharging IOC validation: Become a more efficient CTI analyst
10-17, 14:30–15:00 (Europe/Luxembourg), Salle Europe

Cyber threat intelligence (CTI) analysts are inundated daily with new Indicators of Compromise
(IOC)s to analyze. Due to the ephemeral nature of IOCs, analysts must analyze IOCs promptly to
understand if an IOC is usable.
IOC validation is one of the most time-consuming and frustrating aspects of analyzing an IOC.
By optimizing IOC validation, an analyst can produce much more timely intelligence.
In this session, you will learn first-hand how to turbocharge the validation of IOCs, thus saving
you precious time and helping you prioritize your time to focus on high-value IOCs and creating
both timely and actionable intelligence.

The session is based on real-world experience and will cover:
- Intro to Low-Regret Model.
- Scenarios which will take you down a rabbit hole and how to avoid them
- When you, as a CTI analyst, should stop enriching an IOC
- How to conduct IOC associations and linkage
- A live demonstration of a highly efficient and automated method to gain optimal results
and improve the IOC validation process using Low-Regret Model.

The session will also provide participants with valuable sources to aid them in effectively
validating IOCs in their role as a CTI analyst.

Arwa Alomari is an experienced cyber threat intelligence leader working for a leading
cybersecurity provider in Saudi Arabia. She leads the threat intelligence unit for her employer.

Arwa started her cybersecurity journey as a penetration tester before turning blue, working in a
SOC, and then moving on to performing IR. She now focuses on CTI and leads the delivery of
services for clients.