BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.pass-the-salt.org//pts2024//speaker//7GTEHL
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-pts2024-LJWCNW@cfp.pass-the-salt.org
DTSTART;TZID=CET:20240703T101500
DTEND;TZID=CET:20240703T105000
DESCRIPTION:Yeti was initially created in 2017\, when a very operational Fr
 ench financial CERT had the need for managing threat-intelligence rel
 ated indicators. When responding to incidents\, they wanted quick ans
 wers to DFIR-related questions like “where have I seen this kind o
 f filesystem activity before?”\, or “is any of this network traf
 fic suspicious?”. Yeti was created to fulfill that need.\n\nFast fo
 rward to 2024\, open-source threat intelligence platforms (or TIPs) ha
 ve now proliferated\, and yet these questions are not always easy to an
 swer. As environments are now more complex than ever (think cloud pro
 viders\, Kubernetes\, Terraform\, etc.) and attackers get more creati
 ve\, DFIR teams need to find a way to structure their operations to be a
 ble to keep up with the operational tempo. What’s the query that yo
 u used to query cloud logs? How do I query a system for that persiste
 nce mechanism that was explained in that blog post? How do I structur
 e investigations to make sure that my team on the other side of the w
 orld can pick up where I left off and knows what to look for?\n\nThis t
 alk will show how Yeti has changed to respond to the need for a “fo
 rensics intelligence” repository\, integrating with various other OS
 S projects such as Timesketch\, DFIQ\, ForensicArtifacts\, MISP to le
 verage collective forensic knowledge and supercharge forensic analysi
 s. We’ll introduce newcomers to Yeti\, explain our reasoning behind t
 hese new capabilities\, take a tour of all these other open-source pr
 ojects\, and showcase some of the possible synergies.
DTSTAMP:20260512T152349Z
LOCATION:Amphitheater
SUMMARY:Yeti - towards a Forensics Intelligence Platform - Thomas Chopitea 
 (Digital Forensics\, Google)\, Sebastien Larinier
URL:https://cfp.pass-the-salt.org/pts2024/talk/LJWCNW/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-pts2024-CU8SZM@cfp.pass-the-salt.org
DTSTART;TZID=CET:20240704T140000
DTEND;TZID=CET:20240704T170000
DESCRIPTION:This workshop will show participants how to set up instances of
  Yeti and Timesketch and interconnect them. After the infrastructure is se
 t up\, participants will learn how to add data\, run feeds\, and set up Ye
 ti to automatically augment Timesketch sketches with useful threat and for
 ensics intelligence data. Once all that is ready\, we’ll upload some for
 ensics data to Timesketch and run through a full investigation\, using int
 elligence from Yeti to hit the ground running. We’ll also curate intelli
 gence as we go\, and see how this intelligence will be fed back into Yeti\
 , and be made accessible in future cases. If time permits\, we’ll do an 
 end-to-end run of the OSS DFIR pipeline using GRR and dfTimewolf.
DTSTAMP:20260512T152349Z
LOCATION:Workshop room 2
SUMMARY:Yeti <3 Timesketch - Thomas Chopitea (Digital Forensics\, Google)\,
  Sebastien Larinier
URL:https://cfp.pass-the-salt.org/pts2024/talk/CU8SZM/
END:VEVENT
END:VCALENDAR
