Don’t chase the IOCs
What are IOCs?
Indicators of compromise (IOCs) are a quick and easy way for your incident response/security team to check whether similar activity has occurred (reactive) or to prevent future attacks by blocking (proactive). These often come in the form of file hashes, IPs or domains and, recently, bitcoin addresses.
There are many feeds from which to obtain IOCs, and most people have their preference. For me, it’s…