Ramon Vicens & Antonio Molina - Tracking cybercriminal actors on the Dark Web and underground forums [rooted2019]


  1. Follow up of Threat Actors and Cybercriminals in the dark web and underground forums
     Antonio Molina, Ramon Vicens
  2. FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS
     root[~]# Who are we?
     Ramon Vicens (@rvicens, ramon.vicens@blueliv.com, https://www.linkedin.com/in/rvicens)
     • CTO and VP Threat Intelligence
     • Malware and Threat Analysis
     • Gathering intelligence from botnets & actors
     Antonio Molina (@aydevosotros, antonio.molina@blueliv.com, https://www.linkedin.com/in/amolinag)
     • Python Team Lead
     • Big Data & Analytics
     • Software Architecture
     • Python & ML Lover
  3. root[~]# Agenda
     • Motivation
     • Real-life examples
     • Understanding the cybercriminal ecosystem
     • Big picture
     • Project approaches
  4. root[~]# Motivation: What’s out there?
     “DOCUMENT LEAKS REGARDING COMPANIES AND GOVERNMENTS”
     #DRUGS #WEAPONS #ZERODAY VULNERABILITIES #CYBERCRIME AS A SERVICE #CREDENTIALS #CREDIT CARDS #BACKDOORS, #SHELLS, #RDPs…
  5. root[~]# Motivation: examples
  6. root[~]# Motivation: examples
  7. root[~]# Motivation: examples
  8. root[~]# Motivation: examples
  9. root[~]# Motivation: examples
  10. root[~]# Motivation: examples
  11. root[~]# Understanding the cybercriminal ecosystem
  12. root[~]# Motivation: Big Picture
  13. root[~]# Project approach – initial
  14. root[~]# Project approach - results
     • Statistics:
       • Identified URLs: 654,715,561
       • Identified unique sites: 326,212
     • Content types (chart legend): text/html, text/plain, application/x-archive, application/gzip, application/octet-stream, application/zip, application/pdf, application/x-xz, application/epub+zip, text/xml, text/prs.lines.tag, application/rss-xml, application/atom-xml, application/xml, application/vnd-debian-binary-package, application/x-fictionbook+xml, application/xhtml+xml, application/x-mobipocket-ebook, application/x-bzip2, application/x-gzip
  15. root[~]# Project approach - results
     • Statistics:
       • Identified URLs: 654,715,561
       • Identified unique sites: 326,212
  16. root[~]# Project improvement goals
     • Enrich text (obtaining value from text)
       • Natural Language Processing (NLP)
       • Entity identification and extraction – Text Processing Pipeline
     • Structured data: The web is made up of common places
     • Modeling Social Structure
  17. root[~]# Enriching the text
     • Automating the process
     • Natural language is ambiguous, ironic, confusing... but beautiful
     • The structure tends to be inconsistent
     • Computers work with "formal" structured languages
  18. root[~]# Demo: Linguistic features of a text
  19. root[~]# Text processing pipeline
  20. root[~]# Word embeddings
     But… What about semantics?
  21. root[~]# Word embeddings
  22. root[~]# Word embeddings (Continuous-Bag-of-Words Model (CBOW))
  23. root[~]# Demo: Playing with word vectors
  24. root[~]# Crawling the Deep web
  25. root[~]# Crawling the Deep web
  26. root[~]# Crawling the Deep web
  27. root[~]# Crawling the Deep web
  28. root[~]# Crawling the Deep web
  29. root[~]# Crawling the Deep web
  30. root[~]# Crawling the Deep web: Model
  31. root[~]# Actor relationships
     Diagram labels: Sells, Posted, Answers
  32. root[~]# Project approach - Improvement
  33. root[~]# Project Improvement - results
     • Forums:
       • Identified Users: 18,663
       • Threads: 9,705
       • Posts: 69,835
     • Entity: count (pie-chart share)
       • Email: 45.922.490 (22%)
       • BTC Wallet: 54.714.020 (26%)
       • ETH Wallet: 1.775 (0%)
       • Zeronet URL: 52.473.520 (25%)
       • TOR URL: 28.358.510 (14%)
       • I2P URL: 559.348 (0%)
       • Freenet URL: 19.532 (0%)
       • Twitter User: 25.796.160 (13%)
       • Paste: 117.196 (0%)
       • Phone: 328.950 (0%)
       • Telegram URL: 10.210 (0%)
       • API Keys: 345.819 (0%)
       • Certificates: 9.322 (0%)
       • DB Connection: 15.981 (0%)
  34. root[~]# Tracking Actors
     What can we do with all this?
  35. root[~]# Demo: actor relationships
  36. (no text)
  37. We are hiring! www.blueliv.com/company/careers
  38. Thanks!
  39. CONTACT: www.blueliv.com, www.linkedin.com/blueliv, @blueliv
