DEF CON 29 Blue Team Village - Rabbit - Structured Analytical Techniques for Improving Info Sec

Based on tradecraft documents openly published by the CIA, this talk takes structured analytical techniques intended for intelligence analysis and refactors them for use in improving typical Information Security investigations and analyses as well as OSINT investigations. In 2009, the Central Intelligence Agency published a document titled "A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis " which lays out a number of techniques for improving the accuracy and reliability of intelligence analyses. I found the document fascinating and set out to reapply the techniques for use in my day to day Information Security work. The techniques are a fantastic tool set for improving the quality of analysis products by bringing alternative narratives and solutions to light, highlighting contradictory evidence, and developing confidence in analysis conclusions. Here we review 11 techniques and examples of their application in typical information security situations.