SlideShare una empresa de Scribd logo

R-CISC Summit 2016 Borderless Threat Intelligence

Descargar como PPTX, PDF
Jason Trost
Jason Trost

Self and supply chain monitoring using External Threat Intelligence. Presented at R-CISC Summit 2016.

Tecnología
1 de 26
Borderless Threat Intelligence Using External Threat Intelligence for Brand & Supply Chain Monitoring Jason Trost R-CISC Summit 2016 April 26th, 2016
whoami •Jason Trost •VP of Threat Research @ Anomali •Previously at Sandia, DoD, Booz Allen, Endgame Inc. •Background in Big Data Analytics, Security Research, and Machine Learning •Big advocate and contributor to open source: • Modern Honey Network, BinaryPig, Honeynet Project • Apache Accumulo, Apache Storm, Elasticsearch
Anomali •Formerly known as ThreatStream, Inc. •Cyber Security company founded in 2013 and venture backed by Google Ventures, Paladin Capital Group, Institutional Venture Partners, and General Catalyst Partners. •SaaS based enterprise security software that provides actionable threat intelligence and breach analytics to large enterprises and government agencies. •Our customers hail from the financial services, healthcare, retail, energy, and technology sectors.
Agenda • Overview • Supply Chain Monitoring • External Threat Intelligence • Suspicious Domains • Network Cleanliness • Social Media and DarkWeb • Credential Exposures • Operationalizing • Wrap up
Overview • External threat intelligence based Breach Analytics • i.e. using intelligence about events that may not be observable on your network to detect breaches or other security events • We apply this beyond your borders to your supply chain • Types of threat intelligence covered include: • Suspicious Domains • Network Cleanliness • Social Media and DarkWeb • Credential Exposures
Defining Your Supply Chain • Any vendor, partner, or customer that your organization relies on or trusts implicitly or explicitly • Supply chain members are a dependency in your vulnerable graph • Breaches within your supply chain may impact your organization • Supply chain examples: • Contractors or vendors • Software, Third Party Libraries, Remote Access Tools (VPN) • Environmental Control • Power, Utilities, and Telecomms • Computing, Hosting, and ISPs • SaaS Services
On Premises Controls • On Premises Controls will only work for supply chain events within your network • Code / Library Reviews • Network Flow and Account Access Reviews • Internal Pivoting • Threat Feeds correlated with log events (DNS, web proxy, firewall, etc.) • They cannot detect events occurring outside your network
Zero Premises Controls • How can you use Your Threat Intelligence solution to identify Supply Chain Threats? • Zero Premises Controls will extend your capabilities deep within your suppliers infrastructure! • Public Credential Exposures (Yourself, Partners, Suppliers) • Threat Feeds (External Organizations on Block lists) • Portscan/Web crawl Data Reviews (Shodan/Censys) • Suspicious Domain Registrations (Yourself, Partners, Suppliers) • Social Media / DarkWeb Monitoring
Supply Chain Threat Intelligence • Document and Research • Supply chain company’s security posture? • Network cleanliness? Web footprint? (Services/Capabilities) • Supply chain company compromised? • How Recent? Repeated? May put you at risk • Supply chain company’s brand used to phish you? • Pay Special Attention to Service Desk Companies! • Supply chain company being targeted? • Examples may not be so obvious • DNS Registrars hold the keys
External Threat Intelligence
Suspicious Domain Name Monitoring • Adversaries register domains mimicking the target’s brand •Techniques: • Transforms: Typosquat, Homoglyph, Character Omission/insertion/swap, etc • Deceptive domains: vpn-mycompany.com, portal-mycompany.com • Used to phish you, exploit you, or as C2 domains • Very effective social engineering tactic • Inventory Items: internal and external domain names, brand names • Data Sources: New Domain registrations, Passive DNS, Virustotal Hunting, URLCrazy • Operations: SIEM integration, Email alerts, IDS Signatures, DNS RPZ
Suspicious Domain Examples threa4stream.edu th2eatdtream.com threatstrewqm.com threatsrraem.com thvaatstraam.com thbeaystream.com th2eatstreams.com threatstreal.se thpeatstreasm.com threatatream.se threadstrean.com theeatstreae.com threatrtrteam.com thraatstream.ru thr3atstraem.com threststram.com thruatsdtruam.com thhreatstrema.com threratstveam.com thrra4stream.com throatstroasm.com threutsatreum.com threitstreram.com thraetstrecm.com thteatstrgam.com threattstream.se threatsttteam.com threautsream.com threatst2eam.no threitstreasm.com thruatstzuam.com threatstreaen.com threatstreem.ru thruatctruam.com thretstreaam.com threatstrawm.com thrmatstream.ch threaystr3am.com theatsdream.com thhreatrstream.com threustreum.com theretstreem.com threatsvrewam.com threatstreal.us thr3atsvream.com threotstrreom.com threatstrgams.com threatsteram.cm threetstreel.com thgraatstream.com theeatstresm.com threatstrreal.com threattresm.com thvatstream.com threatwtreams.com threatstrtewam.com thgreatstreai.com thuatstream.com thraatsyraam.com thr3avstr3am.com threattreamm.com threatstreal.ru threatstr3m.com threat3trearn.com thrratsttream.com threatystream.ch thrrapstream.com threatstrea.de theatstrewam.com threatstreams.org threatstram.fr thseatstream.net thveatsttream.com threaustrwam.com threatsrreem.com threatstrr3am.com threatstr3qm.com threatsyzeam.com thpeatstreaam.com threatstteam.no threaststream.us thrratstrwam.com threatstrream.org threattstreamcom.com threatwtrem.com threaatstream.ca threattrgam.com threastsstream.com thrmatstreaam.com thrratstreams.com
Don’t Forget About Dynamic DNS threatstream.gnway.net threatstream.rincondelmotor.com threatstream.pluginfree.net threatstream.estr.com.ru threatstream.teksunpv.com threatstream.gameyg.com threatstream.redbirdrestaurant.com threatstream.linkpc.net threatstream.support-microsoft.net threatstream.openoffcampus.com threatstream.keygen.com.ru threatstream.cu.cc threatstream.pornandpot.com threatstream.informatix.com.ru threatstream.fuentesderubielos.com threatstream.9wide.com threatstream.jaqan.cn threatstream.hyfitech.com threatstream.easyeatout.com threatstream.xicp.cn threatstream.xenbox.net threatstream.publicvm.com threatstream.ven.bz threatstream.meibu.com threatstream.aq.pl threatstream.m3th.org threatstream.lioha.com threatstream.meibu.net threatstream.kz.com.ru threatstream.gnway.cc threatstream.ircop.cn threatstream.igirl.ru threatstream.newsexstories.com threatstream.free-stuff.com.ru threatstream.leedichter.com threatstream.ggsddup.com threatstream.yooko.com.ru threatstream.za.pl threatstream.servercide.com threatstream.sxn.us threatstream.wmdshr.com
Case Study: Suspicious Domain Registration • Abuse isn’t always about network compromises • Major US Based Cable and Telecommunications company • Fraudulent procurement attempt • Email sent from johnsmith@${company}-us.com, but with the correct letter head and markings • Discovered by SIEM scanning incoming email logs and flagged messages as suspicious • Security team prevented fraudulent transaction, fraud team seized domain
Network Cleanliness Monitoring • Systems from your IP space or your supply chain’s showing up as … • Bot IPs • Scanning IPs • Brute force IPs • Spam IPs • Your webserver hosting malicious content? • Vulnerable or unexpected services running and discoverable? • Inventory Items: IP Address Space of organization and key executives (if possible) • Data Sources: Threat intelligence feeds, honeypot events, botnet sinkhole, Portscan/Web crawl data • Operations: SIEM integration, Email notifications, passive audits of portscan/webcrawl data
Case Study: Network Cleanliness • Large Hi-tech firm evaluating IT staffing company for outsourcing some development and IT services • IT Staffing company would need VPN access and access to other internal IT resources • Passive vendor audit performed using threat intelligence data and public portscan repository • Upon inspection, IT staffing company had very poor network hygiene • tens of IPs regularly checked in to malware sinkholes • tens of IPs regularly scanned honeypot sensors • thousands of compromised credentials • IT staffing company deemed too risky
Social Network and Darkweb Monitoring • Inventory Items: Brand names, key executive names • Data Sources: Social media feeds, Crawling DarkWeb, analysts monitoring darkweb, Google Dorks • Operations: SIEM integration, Email notifications Credential Exposure Posting from the Hell Darkweb forum
Case Study: Social Media/Darkweb Monitoring • Brand monitoring for Major US Based Retailer • Discovered a custom built attack tool designed for the sole purpose of brute forcing a specific part of the retailer’s web infrastructure • Provided the sample and a report about what it did, how it worked and who built it to the retailer
Credential Exposure Monitoring • Inventory Items: email domains, email addresses of key executives • Data sources: Paste sites, Google Dorks, Darkweb • Operations: SIEM integration / orchestration system – notify users/reset passwords, Email alerts
Case Study: Credential Exposures • Brand monitoring for a Major Food and Beverage Company • Discovered leaked credentials from an internal IT wiki page that was accidently exposed • Company alerted and changed all passwords within 24 hours • No evidence that these credentials were abused in that time
Operationalizing
Build an Inventory • Create an inventory • Yourself • Critical supply chain partners • The adversaries this, you should too • Email domains names • Internal and External domain names • Personal email addresses of key executives • Company’s IP address space • IP address space of key executives’ home networks • Brand names • Names of key executives
Data Sources and Integration Points Data Sources Integration Points Suspicious Domains • New domain registration data (Whois) • Passive DNS • Virustotal Hunting • Repeated reviews of DynDNS • SIEM integrations • Email based alerting Network Cleanliness • Honeypots / C2 Sinkholes • Open source threat feeds • Spammer feeds • Commercial Threat intelligence providers • Portscan / Web crawl data • Search/Alert on your IP network or your supply chain’s network showing up on these lists. • SIEM integrations • Email based alerting • Periodic review of external internet facing assets Social Media and Dark Web • DarkWeb / DeepWeb Forums • Social Media Sites • Google Dorks • Search/Alert on your brand or your supply chains’ • SIEM integrations Compromised Credentials • Paste sites • DarkWeb / DeepWeb monitoring • Google dorks • Commercial Threat intelligence providers • Search/Alert on your email domains or those of your supply chain • Notify users • Reset passwords as needed
Summary • Organizations must watch more than themselves and their industry vertical • High Tech Suppliers such as Web and Domain Services, Firewall and Desktop Application vendors are increasingly targeted • Chatter on social media and DarkWeb forums can provide early warning • Compromised Credentials may be used by third party contractors on your network • Passive vendors audits should be part of your procurement process
Questions?
Jason Trost| VP of Threat Research 2317 Broadway, 3rd Floor Redwood City, CA 94063 Phone: 1 – 844 - THREATS

Recomendados

Anomali Detect 2016 - Borderless Threat Intelligence
Anomali Detect 2016 - Borderless Threat IntelligenceAnomali Detect 2016 - Borderless Threat Intelligence
Anomali Detect 2016 - Borderless Threat IntelligenceJason Trost
 
SANS CTI Summit 2016 Borderless Threat Intelligence
SANS CTI Summit 2016 Borderless Threat IntelligenceSANS CTI Summit 2016 Borderless Threat Intelligence
SANS CTI Summit 2016 Borderless Threat IntelligenceJason Trost
 
Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open So...
Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open So...Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open So...
Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open So...Jason Trost
 
Distributed Sensor Data Contextualization for Threat Intelligence Analysis
Distributed Sensor Data Contextualization for Threat Intelligence AnalysisDistributed Sensor Data Contextualization for Threat Intelligence Analysis
Distributed Sensor Data Contextualization for Threat Intelligence AnalysisJason Trost
 
BSidesNYC 2016 - An Adversarial View of SaaS Malware Sandboxes
BSidesNYC 2016 - An Adversarial View of SaaS Malware SandboxesBSidesNYC 2016 - An Adversarial View of SaaS Malware Sandboxes
BSidesNYC 2016 - An Adversarial View of SaaS Malware SandboxesJason Trost
 
Modern Honey Network (MHN)
Modern Honey Network (MHN)Modern Honey Network (MHN)
Modern Honey Network (MHN)Jason Trost
 
Threat Intelligence Field of Dreams
Threat Intelligence Field of DreamsThreat Intelligence Field of Dreams
Threat Intelligence Field of DreamsGreg Foss
 
Anomali Product Brochure
Anomali Product BrochureAnomali Product Brochure
Anomali Product BrochureTodd Helfrich
 

Recomendados

Anomali Detect 2016 - Borderless Threat Intelligence
Anomali Detect 2016 - Borderless Threat IntelligenceAnomali Detect 2016 - Borderless Threat Intelligence
Anomali Detect 2016 - Borderless Threat IntelligenceJason Trost
 
SANS CTI Summit 2016 Borderless Threat Intelligence
SANS CTI Summit 2016 Borderless Threat IntelligenceSANS CTI Summit 2016 Borderless Threat Intelligence
SANS CTI Summit 2016 Borderless Threat IntelligenceJason Trost
 
Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open So...
Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open So...Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open So...
Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open So...Jason Trost
 
Distributed Sensor Data Contextualization for Threat Intelligence Analysis
Distributed Sensor Data Contextualization for Threat Intelligence AnalysisDistributed Sensor Data Contextualization for Threat Intelligence Analysis
Distributed Sensor Data Contextualization for Threat Intelligence AnalysisJason Trost
 
BSidesNYC 2016 - An Adversarial View of SaaS Malware Sandboxes
BSidesNYC 2016 - An Adversarial View of SaaS Malware SandboxesBSidesNYC 2016 - An Adversarial View of SaaS Malware Sandboxes
BSidesNYC 2016 - An Adversarial View of SaaS Malware SandboxesJason Trost
 
Modern Honey Network (MHN)
Modern Honey Network (MHN)Modern Honey Network (MHN)
Modern Honey Network (MHN)Jason Trost
 
Threat Intelligence Field of Dreams
Threat Intelligence Field of DreamsThreat Intelligence Field of Dreams
Threat Intelligence Field of DreamsGreg Foss
 
Anomali Product Brochure
Anomali Product BrochureAnomali Product Brochure
Anomali Product BrochureTodd Helfrich
 
An Adversarial View of SaaS Malware Sandboxes
An Adversarial View of SaaS Malware SandboxesAn Adversarial View of SaaS Malware Sandboxes
An Adversarial View of SaaS Malware SandboxesJason Trost
 
Avoiding the Pitfalls of Hunting - BSides Charm 2016
Avoiding the Pitfalls of Hunting - BSides Charm 2016Avoiding the Pitfalls of Hunting - BSides Charm 2016
Avoiding the Pitfalls of Hunting - BSides Charm 2016Tony Cook
 
Catching the Golden Snitch- Leveraging Threat Intelligence Platforms to Defen...
Catching the Golden Snitch- Leveraging Threat Intelligence Platforms to Defen...Catching the Golden Snitch- Leveraging Threat Intelligence Platforms to Defen...
Catching the Golden Snitch- Leveraging Threat Intelligence Platforms to Defen...Chi En (Ashley) Shen
 
Hunting: Defense Against The Dark Arts
Hunting: Defense Against The Dark ArtsHunting: Defense Against The Dark Arts
Hunting: Defense Against The Dark ArtsSpyglass Security
 
Treat Detection using Hadoop
Treat Detection using HadoopTreat Detection using Hadoop
Treat Detection using HadoopDataWorks Summit
 
Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2Spyglass Security
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationRaffael Marty
 
H@dfex 2015 malware analysis
H@dfex 2015 malware analysisH@dfex 2015 malware analysis
H@dfex 2015 malware analysisCharles Lim
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
 
Open Source Malware Lab
Open Source Malware LabOpen Source Malware Lab
Open Source Malware LabThreatConnect
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)PRISMA CSI
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016Matthew Dunwoody
 
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...Andrew Morris
 
Advanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionAdvanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionGreg Foss
 
Next Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and DefenseNext Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and DefenseLuca Simonelli
 
Burning Down the Haystack to Find the Needle: Security Analytics in Action
Burning Down the Haystack to Find the Needle: Security Analytics in ActionBurning Down the Haystack to Find the Needle: Security Analytics in Action
Burning Down the Haystack to Find the Needle: Security Analytics in ActionJosh Sokol
 
User and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solutionUser and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solutionYolanta Beresna
 
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptxChi En (Ashley) Shen
 
Honeynet architecture
Honeynet architectureHoneynet architecture
Honeynet architectureamar koppal
 
November 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopNovember 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopYahoo Developer Network
 
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...Alex Pinto
 
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Alex Pinto
 

Más contenido relacionado

La actualidad más candente

An Adversarial View of SaaS Malware Sandboxes
An Adversarial View of SaaS Malware SandboxesAn Adversarial View of SaaS Malware Sandboxes
An Adversarial View of SaaS Malware SandboxesJason Trost
 
Avoiding the Pitfalls of Hunting - BSides Charm 2016
Avoiding the Pitfalls of Hunting - BSides Charm 2016Avoiding the Pitfalls of Hunting - BSides Charm 2016
Avoiding the Pitfalls of Hunting - BSides Charm 2016Tony Cook
 
Catching the Golden Snitch- Leveraging Threat Intelligence Platforms to Defen...
Catching the Golden Snitch- Leveraging Threat Intelligence Platforms to Defen...Catching the Golden Snitch- Leveraging Threat Intelligence Platforms to Defen...
Catching the Golden Snitch- Leveraging Threat Intelligence Platforms to Defen...Chi En (Ashley) Shen
 
Hunting: Defense Against The Dark Arts
Hunting: Defense Against The Dark ArtsHunting: Defense Against The Dark Arts
Hunting: Defense Against The Dark ArtsSpyglass Security
 
Treat Detection using Hadoop
Treat Detection using HadoopTreat Detection using Hadoop
Treat Detection using HadoopDataWorks Summit
 
Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2Spyglass Security
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationRaffael Marty
 
H@dfex 2015 malware analysis
H@dfex 2015 malware analysisH@dfex 2015 malware analysis
H@dfex 2015 malware analysisCharles Lim
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
 
Open Source Malware Lab
Open Source Malware LabOpen Source Malware Lab
Open Source Malware LabThreatConnect
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)PRISMA CSI
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016Matthew Dunwoody
 
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...Andrew Morris
 
Advanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionAdvanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionGreg Foss
 
Next Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and DefenseNext Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and DefenseLuca Simonelli
 
Burning Down the Haystack to Find the Needle: Security Analytics in Action
Burning Down the Haystack to Find the Needle: Security Analytics in ActionBurning Down the Haystack to Find the Needle: Security Analytics in Action
Burning Down the Haystack to Find the Needle: Security Analytics in ActionJosh Sokol
 
User and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solutionUser and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solutionYolanta Beresna
 
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptxChi En (Ashley) Shen
 
Honeynet architecture
Honeynet architectureHoneynet architecture
Honeynet architectureamar koppal
 
November 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopNovember 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopYahoo Developer Network
 

La actualidad más candente (20)

An Adversarial View of SaaS Malware Sandboxes
An Adversarial View of SaaS Malware SandboxesAn Adversarial View of SaaS Malware Sandboxes
An Adversarial View of SaaS Malware Sandboxes
 
Avoiding the Pitfalls of Hunting - BSides Charm 2016
Avoiding the Pitfalls of Hunting - BSides Charm 2016Avoiding the Pitfalls of Hunting - BSides Charm 2016
Avoiding the Pitfalls of Hunting - BSides Charm 2016
 
Catching the Golden Snitch- Leveraging Threat Intelligence Platforms to Defen...
Catching the Golden Snitch- Leveraging Threat Intelligence Platforms to Defen...Catching the Golden Snitch- Leveraging Threat Intelligence Platforms to Defen...
Catching the Golden Snitch- Leveraging Threat Intelligence Platforms to Defen...
 
Hunting: Defense Against The Dark Arts
Hunting: Defense Against The Dark ArtsHunting: Defense Against The Dark Arts
Hunting: Defense Against The Dark Arts
 
Treat Detection using Hadoop
Treat Detection using HadoopTreat Detection using Hadoop
Treat Detection using Hadoop
 
Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & Visualization
 
H@dfex 2015 malware analysis
H@dfex 2015 malware analysisH@dfex 2015 malware analysis
H@dfex 2015 malware analysis
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside Out
 
Open Source Malware Lab
Open Source Malware LabOpen Source Malware Lab
Open Source Malware Lab
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
 
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
 
Advanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionAdvanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement Detection
 
Next Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and DefenseNext Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and Defense
 
Burning Down the Haystack to Find the Needle: Security Analytics in Action
Burning Down the Haystack to Find the Needle: Security Analytics in ActionBurning Down the Haystack to Find the Needle: Security Analytics in Action
Burning Down the Haystack to Find the Needle: Security Analytics in Action
 
User and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solutionUser and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solution
 
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
 
Honeynet architecture
Honeynet architectureHoneynet architecture
Honeynet architecture
 
November 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopNovember 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with Hadoop
 

Destacado

Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...Alex Pinto
 
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Alex Pinto
 
BSidesLV 2013 - Using Machine Learning to Support Information Security
BSidesLV 2013 - Using Machine Learning to Support Information SecurityBSidesLV 2013 - Using Machine Learning to Support Information Security
BSidesLV 2013 - Using Machine Learning to Support Information SecurityAlex Pinto
 
Magic, art or science? Deep learning unraveled
Magic, art or science? Deep learning unraveledMagic, art or science? Deep learning unraveled
Magic, art or science? Deep learning unraveledGoDataDriven
 
Security Issues in OpenStack
Security Issues in OpenStackSecurity Issues in OpenStack
Security Issues in OpenStackoldbam
 
Clairvoyant Squirrel: Large Scale Malicious Domain Classification
Clairvoyant Squirrel: Large Scale Malicious Domain ClassificationClairvoyant Squirrel: Large Scale Malicious Domain Classification
Clairvoyant Squirrel: Large Scale Malicious Domain ClassificationJason Trost
 
Deep Learning Based Real-Time DNS DDoS Detection System
Deep Learning Based Real-Time DNS DDoS Detection SystemDeep Learning Based Real-Time DNS DDoS Detection System
Deep Learning Based Real-Time DNS DDoS Detection SystemSeungjoo Kim
 
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...Jason Trost
 
Anomaly Detection - New York Machine Learning
Anomaly Detection - New York Machine LearningAnomaly Detection - New York Machine Learning
Anomaly Detection - New York Machine LearningTed Dunning
 
Machine Learning for Application-Layer Intrusion Detection
Machine Learning for Application-Layer Intrusion DetectionMachine Learning for Application-Layer Intrusion Detection
Machine Learning for Application-Layer Intrusion Detectionbutest
 
Machine Learning and Analytics Breakout Session
Machine Learning and Analytics Breakout SessionMachine Learning and Analytics Breakout Session
Machine Learning and Analytics Breakout SessionSplunk
 
HTM & Apache Flink (2016-06-27)
HTM & Apache Flink (2016-06-27)HTM & Apache Flink (2016-06-27)
HTM & Apache Flink (2016-06-27)Eron Wright
 
2016 FS-ISAC Annual Summit (Miami) - Developing Effective Encryption Strategies
2016 FS-ISAC Annual Summit (Miami) - Developing Effective Encryption Strategies2016 FS-ISAC Annual Summit (Miami) - Developing Effective Encryption Strategies
2016 FS-ISAC Annual Summit (Miami) - Developing Effective Encryption StrategiesJoshua R Nicholson
 
Sitcon2014 community by server (kir)
Sitcon2014 community by server (kir)Sitcon2014 community by server (kir)
Sitcon2014 community by server (kir)Kir Chou
 
Knowledge Management in Distributed Agile Software Development
Knowledge Management in Distributed Agile Software DevelopmentKnowledge Management in Distributed Agile Software Development
Knowledge Management in Distributed Agile Software DevelopmentKir Chou
 
Spime - personal assistant
Spime - personal assistantSpime - personal assistant
Spime - personal assistantKir Chou
 
Final Year Project Synopsis: Post Quantum Encryption using Neural Networks
Final Year Project Synopsis: Post Quantum Encryption using Neural NetworksFinal Year Project Synopsis: Post Quantum Encryption using Neural Networks
Final Year Project Synopsis: Post Quantum Encryption using Neural NetworksJPC Hanson
 
SC7 Workshop 2: Big Data, Societal Challenges and the Policy Context
SC7 Workshop 2: Big Data, Societal Challenges and the Policy ContextSC7 Workshop 2: Big Data, Societal Challenges and the Policy Context
SC7 Workshop 2: Big Data, Societal Challenges and the Policy ContextBigData_Europe
 

Destacado (20)

Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
 
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
 
BSidesLV 2013 - Using Machine Learning to Support Information Security
BSidesLV 2013 - Using Machine Learning to Support Information SecurityBSidesLV 2013 - Using Machine Learning to Support Information Security
BSidesLV 2013 - Using Machine Learning to Support Information Security
 
Magic, art or science? Deep learning unraveled
Magic, art or science? Deep learning unraveledMagic, art or science? Deep learning unraveled
Magic, art or science? Deep learning unraveled
 
Security Issues in OpenStack
Security Issues in OpenStackSecurity Issues in OpenStack
Security Issues in OpenStack
 
Clairvoyant Squirrel: Large Scale Malicious Domain Classification
Clairvoyant Squirrel: Large Scale Malicious Domain ClassificationClairvoyant Squirrel: Large Scale Malicious Domain Classification
Clairvoyant Squirrel: Large Scale Malicious Domain Classification
 
Deep Learning Based Real-Time DNS DDoS Detection System
Deep Learning Based Real-Time DNS DDoS Detection SystemDeep Learning Based Real-Time DNS DDoS Detection System
Deep Learning Based Real-Time DNS DDoS Detection System
 
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...
 
Anomaly Detection - New York Machine Learning
Anomaly Detection - New York Machine LearningAnomaly Detection - New York Machine Learning
Anomaly Detection - New York Machine Learning
 
Machine Learning for Application-Layer Intrusion Detection
Machine Learning for Application-Layer Intrusion DetectionMachine Learning for Application-Layer Intrusion Detection
Machine Learning for Application-Layer Intrusion Detection
 
Machine Learning and Analytics Breakout Session
Machine Learning and Analytics Breakout SessionMachine Learning and Analytics Breakout Session
Machine Learning and Analytics Breakout Session
 
Mobipedia presentation
Mobipedia presentationMobipedia presentation
Mobipedia presentation
 
HTM & Apache Flink (2016-06-27)
HTM & Apache Flink (2016-06-27)HTM & Apache Flink (2016-06-27)
HTM & Apache Flink (2016-06-27)
 
2016 FS-ISAC Annual Summit (Miami) - Developing Effective Encryption Strategies
2016 FS-ISAC Annual Summit (Miami) - Developing Effective Encryption Strategies2016 FS-ISAC Annual Summit (Miami) - Developing Effective Encryption Strategies
2016 FS-ISAC Annual Summit (Miami) - Developing Effective Encryption Strategies
 
Sitcon2014 community by server (kir)
Sitcon2014 community by server (kir)Sitcon2014 community by server (kir)
Sitcon2014 community by server (kir)
 
Knowledge Management in Distributed Agile Software Development
Knowledge Management in Distributed Agile Software DevelopmentKnowledge Management in Distributed Agile Software Development
Knowledge Management in Distributed Agile Software Development
 
Spime - personal assistant
Spime - personal assistantSpime - personal assistant
Spime - personal assistant
 
Final Year Project Synopsis: Post Quantum Encryption using Neural Networks
Final Year Project Synopsis: Post Quantum Encryption using Neural NetworksFinal Year Project Synopsis: Post Quantum Encryption using Neural Networks
Final Year Project Synopsis: Post Quantum Encryption using Neural Networks
 
SC7 Workshop 2: Big Data, Societal Challenges and the Policy Context
SC7 Workshop 2: Big Data, Societal Challenges and the Policy ContextSC7 Workshop 2: Big Data, Societal Challenges and the Policy Context
SC7 Workshop 2: Big Data, Societal Challenges and the Policy Context
 
Ai
AiAi
Ai
 

Similar a R-CISC Summit 2016 Borderless Threat Intelligence

AISA - v6 - Damien Manuel
AISA - v6 - Damien ManuelAISA - v6 - Damien Manuel
AISA - v6 - Damien ManuelDamien Manuel
 
Continuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash BaraiContinuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash BaraiAllanGray11
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...EC-Council
 
Gates Toorcon X New School Information Gathering
Gates Toorcon X New School Information GatheringGates Toorcon X New School Information Gathering
Gates Toorcon X New School Information GatheringChris Gates
 
Cyber 101 for smb execs v1
Cyber 101 for smb execs v1Cyber 101 for smb execs v1
Cyber 101 for smb execs v1NetWatcher
 
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezThe Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezEC-Council
 
Talos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseTalos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseCisco Canada
 
Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopMichele Chubirka
 
Chapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptxChapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptxMahdiHasanSowrav
 
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private LimitedThreat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private LimitedFalgun Rathod
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017TriNimbus
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
The Personal and Website Security Mindset
The Personal and Website Security MindsetThe Personal and Website Security Mindset
The Personal and Website Security MindsetAdam W. Warner
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsIBM Security
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...
How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...
How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...Priyanka Aash
 
Discover advanced threats with threat intelligence - Jeremy Li
Discover advanced threats with threat intelligence - Jeremy LiDiscover advanced threats with threat intelligence - Jeremy Li
Discover advanced threats with threat intelligence - Jeremy LiJeremy Li
 
Technical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvertTechnical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvertISSA LA
 
The DNS Tunneling Blindspot
The DNS Tunneling BlindspotThe DNS Tunneling Blindspot
The DNS Tunneling BlindspotBrian A. McHenry
 

Similar a R-CISC Summit 2016 Borderless Threat Intelligence (20)

AISA - v6 - Damien Manuel
AISA - v6 - Damien ManuelAISA - v6 - Damien Manuel
AISA - v6 - Damien Manuel
 
Continuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash BaraiContinuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash Barai
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
 
Gates Toorcon X New School Information Gathering
Gates Toorcon X New School Information GatheringGates Toorcon X New School Information Gathering
Gates Toorcon X New School Information Gathering
 
Cyber 101 for smb execs v1
Cyber 101 for smb execs v1Cyber 101 for smb execs v1
Cyber 101 for smb execs v1
 
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezThe Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
 
Talos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseTalos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the Noise
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware Analysis
 
Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The Workshop
 
Chapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptxChapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptx
 
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private LimitedThreat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
 
The Personal and Website Security Mindset
The Personal and Website Security MindsetThe Personal and Website Security Mindset
The Personal and Website Security Mindset
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 
How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...
How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...
How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...
 
Discover advanced threats with threat intelligence - Jeremy Li
Discover advanced threats with threat intelligence - Jeremy LiDiscover advanced threats with threat intelligence - Jeremy Li
Discover advanced threats with threat intelligence - Jeremy Li
 
Technical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvertTechnical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvert
 
The DNS Tunneling Blindspot
The DNS Tunneling BlindspotThe DNS Tunneling Blindspot
The DNS Tunneling Blindspot
 

Último

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Último (20)

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

R-CISC Summit 2016 Borderless Threat Intelligence

  • 1. Borderless Threat Intelligence Using External Threat Intelligence for Brand & Supply Chain Monitoring Jason Trost R-CISC Summit 2016 April 26th, 2016
  • 2. whoami •Jason Trost •VP of Threat Research @ Anomali •Previously at Sandia, DoD, Booz Allen, Endgame Inc. •Background in Big Data Analytics, Security Research, and Machine Learning •Big advocate and contributor to open source: • Modern Honey Network, BinaryPig, Honeynet Project • Apache Accumulo, Apache Storm, Elasticsearch
  • 3. Anomali •Formerly known as ThreatStream, Inc. •Cyber Security company founded in 2013 and venture backed by Google Ventures, Paladin Capital Group, Institutional Venture Partners, and General Catalyst Partners. •SaaS based enterprise security software that provides actionable threat intelligence and breach analytics to large enterprises and government agencies. •Our customers hail from the financial services, healthcare, retail, energy, and technology sectors.
  • 4. Agenda • Overview • Supply Chain Monitoring • External Threat Intelligence • Suspicious Domains • Network Cleanliness • Social Media and DarkWeb • Credential Exposures • Operationalizing • Wrap up
  • 5. Overview • External threat intelligence based Breach Analytics • i.e. using intelligence about events that may not be observable on your network to detect breaches or other security events • We apply this beyond your borders to your supply chain • Types of threat intelligence covered include: • Suspicious Domains • Network Cleanliness • Social Media and DarkWeb • Credential Exposures
  • 6. Defining Your Supply Chain • Any vendor, partner, or customer that your organization relies on or trusts implicitly or explicitly • Supply chain members are a dependency in your vulnerable graph • Breaches within your supply chain may impact your organization • Supply chain examples: • Contractors or vendors • Software, Third Party Libraries, Remote Access Tools (VPN) • Environmental Control • Power, Utilities, and Telecomms • Computing, Hosting, and ISPs • SaaS Services
  • 7. On Premises Controls • On Premises Controls will only work for supply chain events within your network • Code / Library Reviews • Network Flow and Account Access Reviews • Internal Pivoting • Threat Feeds correlated with log events (DNS, web proxy, firewall, etc.) • They cannot detect events occurring outside your network
  • 8. Zero Premises Controls • How can you use Your Threat Intelligence solution to identify Supply Chain Threats? • Zero Premises Controls will extend your capabilities deep within your suppliers infrastructure! • Public Credential Exposures (Yourself, Partners, Suppliers) • Threat Feeds (External Organizations on Block lists) • Portscan/Web crawl Data Reviews (Shodan/Censys) • Suspicious Domain Registrations (Yourself, Partners, Suppliers) • Social Media / DarkWeb Monitoring
  • 9. Supply Chain Threat Intelligence • Document and Research • Supply chain company’s security posture? • Network cleanliness? Web footprint? (Services/Capabilities) • Supply chain company compromised? • How Recent? Repeated? May put you at risk • Supply chain company’s brand used to phish you? • Pay Special Attention to Service Desk Companies! • Supply chain company being targeted? • Examples may not be so obvious • DNS Registrars hold the keys
  • 11. Suspicious Domain Name Monitoring • Adversaries register domains mimicking the target’s brand •Techniques: • Transforms: Typosquat, Homoglyph, Character Omission/insertion/swap, etc • Deceptive domains: vpn-mycompany.com, portal-mycompany.com • Used to phish you, exploit you, or as C2 domains • Very effective social engineering tactic • Inventory Items: internal and external domain names, brand names • Data Sources: New Domain registrations, Passive DNS, Virustotal Hunting, URLCrazy • Operations: SIEM integration, Email alerts, IDS Signatures, DNS RPZ
  • 12. Suspicious Domain Examples threa4stream.edu th2eatdtream.com threatstrewqm.com threatsrraem.com thvaatstraam.com thbeaystream.com th2eatstreams.com threatstreal.se thpeatstreasm.com threatatream.se threadstrean.com theeatstreae.com threatrtrteam.com thraatstream.ru thr3atstraem.com threststram.com thruatsdtruam.com thhreatstrema.com threratstveam.com thrra4stream.com throatstroasm.com threutsatreum.com threitstreram.com thraetstrecm.com thteatstrgam.com threattstream.se threatsttteam.com threautsream.com threatst2eam.no threitstreasm.com thruatstzuam.com threatstreaen.com threatstreem.ru thruatctruam.com thretstreaam.com threatstrawm.com thrmatstream.ch threaystr3am.com theatsdream.com thhreatrstream.com threustreum.com theretstreem.com threatsvrewam.com threatstreal.us thr3atsvream.com threotstrreom.com threatstrgams.com threatsteram.cm threetstreel.com thgraatstream.com theeatstresm.com threatstrreal.com threattresm.com thvatstream.com threatwtreams.com threatstrtewam.com thgreatstreai.com thuatstream.com thraatsyraam.com thr3avstr3am.com threattreamm.com threatstreal.ru threatstr3m.com threat3trearn.com thrratsttream.com threatystream.ch thrrapstream.com threatstrea.de theatstrewam.com threatstreams.org threatstram.fr thseatstream.net thveatsttream.com threaustrwam.com threatsrreem.com threatstrr3am.com threatstr3qm.com threatsyzeam.com thpeatstreaam.com threatstteam.no threaststream.us thrratstrwam.com threatstrream.org threattstreamcom.com threatwtrem.com threaatstream.ca threattrgam.com threastsstream.com thrmatstreaam.com thrratstreams.com
  • 13. Don’t Forget About Dynamic DNS threatstream.gnway.net threatstream.rincondelmotor.com threatstream.pluginfree.net threatstream.estr.com.ru threatstream.teksunpv.com threatstream.gameyg.com threatstream.redbirdrestaurant.com threatstream.linkpc.net threatstream.support-microsoft.net threatstream.openoffcampus.com threatstream.keygen.com.ru threatstream.cu.cc threatstream.pornandpot.com threatstream.informatix.com.ru threatstream.fuentesderubielos.com threatstream.9wide.com threatstream.jaqan.cn threatstream.hyfitech.com threatstream.easyeatout.com threatstream.xicp.cn threatstream.xenbox.net threatstream.publicvm.com threatstream.ven.bz threatstream.meibu.com threatstream.aq.pl threatstream.m3th.org threatstream.lioha.com threatstream.meibu.net threatstream.kz.com.ru threatstream.gnway.cc threatstream.ircop.cn threatstream.igirl.ru threatstream.newsexstories.com threatstream.free-stuff.com.ru threatstream.leedichter.com threatstream.ggsddup.com threatstream.yooko.com.ru threatstream.za.pl threatstream.servercide.com threatstream.sxn.us threatstream.wmdshr.com
  • 14. Case Study: Suspicious Domain Registration • Abuse isn’t always about network compromises • Major US Based Cable and Telecommunications company • Fraudulent procurement attempt • Email sent from johnsmith@${company}-us.com, but with the correct letter head and markings • Discovered by SIEM scanning incoming email logs and flagged messages as suspicious • Security team prevented fraudulent transaction, fraud team seized domain
  • 15. Network Cleanliness Monitoring • Systems from your IP space or your supply chain’s showing up as … • Bot IPs • Scanning IPs • Brute force IPs • Spam IPs • Your webserver hosting malicious content? • Vulnerable or unexpected services running and discoverable? • Inventory Items: IP Address Space of organization and key executives (if possible) • Data Sources: Threat intelligence feeds, honeypot events, botnet sinkhole, Portscan/Web crawl data • Operations: SIEM integration, Email notifications, passive audits of portscan/webcrawl data
  • 16. Case Study: Network Cleanliness • Large Hi-tech firm evaluating IT staffing company for outsourcing some development and IT services • IT Staffing company would need VPN access and access to other internal IT resources • Passive vendor audit performed using threat intelligence data and public portscan repository • Upon inspection, IT staffing company had very poor network hygiene • tens of IPs regularly checked in to malware sinkholes • tens of IPs regularly scanned honeypot sensors • thousands of compromised credentials • IT staffing company deemed too risky
  • 17. Social Network and Darkweb Monitoring • Inventory Items: Brand names, key executive names • Data Sources: Social media feeds, Crawling DarkWeb, analysts monitoring darkweb, Google Dorks • Operations: SIEM integration, Email notifications Credential Exposure Posting from the Hell Darkweb forum
  • 18. Case Study: Social Media/Darkweb Monitoring • Brand monitoring for Major US Based Retailer • Discovered a custom built attack tool designed for the sole purpose of brute forcing a specific part of the retailer’s web infrastructure • Provided the sample and a report about what it did, how it worked and who built it to the retailer
  • 19. Credential Exposure Monitoring • Inventory Items: email domains, email addresses of key executives • Data sources: Paste sites, Google Dorks, Darkweb • Operations: SIEM integration / orchestration system – notify users/reset passwords, Email alerts
  • 20. Case Study: Credential Exposures • Brand monitoring for a Major Food and Beverage Company • Discovered leaked credentials from an internal IT wiki page that was accidently exposed • Company alerted and changed all passwords within 24 hours • No evidence that these credentials were abused in that time
  • 22. Build an Inventory • Create an inventory • Yourself • Critical supply chain partners • The adversaries this, you should too • Email domains names • Internal and External domain names • Personal email addresses of key executives • Company’s IP address space • IP address space of key executives’ home networks • Brand names • Names of key executives
  • 23. Data Sources and Integration Points Data Sources Integration Points Suspicious Domains • New domain registration data (Whois) • Passive DNS • Virustotal Hunting • Repeated reviews of DynDNS • SIEM integrations • Email based alerting Network Cleanliness • Honeypots / C2 Sinkholes • Open source threat feeds • Spammer feeds • Commercial Threat intelligence providers • Portscan / Web crawl data • Search/Alert on your IP network or your supply chain’s network showing up on these lists. • SIEM integrations • Email based alerting • Periodic review of external internet facing assets Social Media and Dark Web • DarkWeb / DeepWeb Forums • Social Media Sites • Google Dorks • Search/Alert on your brand or your supply chains’ • SIEM integrations Compromised Credentials • Paste sites • DarkWeb / DeepWeb monitoring • Google dorks • Commercial Threat intelligence providers • Search/Alert on your email domains or those of your supply chain • Notify users • Reset passwords as needed
  • 24. Summary • Organizations must watch more than themselves and their industry vertical • High Tech Suppliers such as Web and Domain Services, Firewall and Desktop Application vendors are increasingly targeted • Chatter on social media and DarkWeb forums can provide early warning • Compromised Credentials may be used by third party contractors on your network • Passive vendors audits should be part of your procurement process
  • 26. Jason Trost| VP of Threat Research 2317 Broadway, 3rd Floor Redwood City, CA 94063 Phone: 1 – 844 - THREATS