[SANS ISC] May People Be Considered as IOC?

I published the following diary on isc.sans.edu: “May People Be Considered as IOC?“:

That’s a tricky question! May we manage a list of people like regular IOC’s? An IOC (Indicator of Compromise) is a piece of information, usually technical, that helps to detect malicious (or at least suspicious) activities. Classic types of IOC are IP addresses, domains, hashes, filenames, registry keys, processes, mutexes, … There exists plenty of lists of usernames that must be controlled. Here is a short list or typical accounts used to perform (remote) administrative tasks or belong to default users… [Continue]

[The post [SANS ISC] May People Be Considered as IOC? has been first published on /dev/random]

Article Link: https://blog.rootshell.be/2019/07/24/sans-isc-may-people-be-considered-as-ioc/