Jürgen Brandl

Jürgen Brandl worked as a senior cyber security analyst at the Federal Ministry of the Interior and has 10 years of experience working in incident response, protecting both governmental and critical infrastructure from cyber attacks. In his current role, he is researching and advocating for the need to use AI to face the emerging threat landscape.


Sessions

10-21
15:15
30min
intelmq.ai - adding ML model support to intelmq
Aaron Kaplan, Sebastian Wagner, Jürgen Brandl

IntelMQ is a great tool for automating structured IT security data feeds for CERTs. Need to process all of Shadowserver for a country? IntelMQ can easily do it. Need to alert on all vulnerable devices that Shodan knows about? Sure!

But what about unstructured text? Many reports (CTI reports) contain lots of relevant information (IoCs, TTPs, etc.), but often in prose or only in semi-structured formats (hidden in a table, etc.).
For information extraction, LLMs and other AI models (BERT, etc.) have already proved their merit.

The presenters will show how they extended IntelMQ to support these AI models and how the combination lends itself to (semi-)automating a CTI analyst.

IntelMQ to MISP output included ;-)

topic: CTI
Europe
10-22
14:00
5min
Port Mimic: It's a Trap! (And so is every other port)
Jürgen Brandl

Port Mimic is a tool that lays out a trap by listening on every port on a given interface. For normal users, it will be completely invisible, but as soon as a port scanner comes around, it will turn into a wild beast.

hack.lu lightning talk
Europe