Profiling the attackerIt was once said "Intrusion analysis is as much about TCPdump as astronomy is about telescopes. Understanding who is attacking a network and why is just as important as analysing the packets on the line.This slot will focus on a technical offender profiling framework that can be used to build a knowledge base on malicious actors. This talk will take a deep dive into the following areas:Building an information classification for your assetsAttack significance plottingDiscerning motiveAttacker kill chain analysisMalicious actor profile checklist and naming conventions