CSW2017 Kyle Ehmke: Lots of Squats - APTs Never Miss Leg Day (CanSecWest 2017)
1. Lots of Squats: APTs Never Miss Leg Day
March 17, 2017 | @ThreatConnect
© 2016 ThreatConnect, Inc. All Rights Reserved | All material confidential and proprietary
2. Agenda
• Spoofed domains
• Notable breaches
• Tools
• Strategic view of spoofed domain registrations
• Tactical view
• Conclusions
3. The First Look Vulnerability
Rescuing Leia
• Because everything has a Star Wars corollary
Spoofed domains
• Exploit the inherent and immediate trust that we place in the familiar
• Target the organization, or another organization or technology pertinent to the operation
Types
• Typosquats
• Look-alikes
• Letter swaps
• Sticky keys
4. Pop Quiz Example
A) gooqle.com
B) googIe.com
C) qoogle.com
D) gcogle.com
5. Pop Quiz Example
Use a lowercase "q" in place of a "g": gooqle.com, qoogle.com
6. Pop Quiz Example
Use a "c" in place of an "o": gcogle.com
7. Pop Quiz Example
Use an uppercase "I" in place of a lowercase "l": googIe.com
8. Advanced Persistent Threats (APTs)
Everybody's doing it
• China
• Russia
Why
• Relatively cheap
• Easy to do
• Effective
• Can obfuscate origin
Operations
• Delivery
• Exploitation
• Command and control
Notable breaches
• Anthem/BCBS entities
• OPM
• DNC/DCCC
Operation types
• Credential harvesting
• Malware dissemination
9. Notable Breaches
China – DEEP PANDA
Anthem/BCBS
• we11point[.]com
• prennera[.]com
• Chinese registrant resellers
OPM
• opm-learning[.]org
• opmsecurity[.]org
• "The Avengers" registrants
Russia – FANCY BEAR
DNC/DCCC
• misdepatrment[.]com
• actblues[.]com
• Fake personas
10. So What?
Spoofing has become a TTP
• Specific actors employ spoofing against specific sectors
• There is a trend to look for
Domain registration precedes the operation
• The timeline varies
Operationalize domain registration information
• WHOIS as threat intelligence
11. We're Not Playing Whack-a-Mole
Simply reacting on a one-off basis won't suffice
• Active state
• Predictive state
Leveraging domain registrations as threat intel
• Higher-level strategic intelligence: informs organizational or sector awareness
• In-depth tactical intelligence: provides situational awareness during incidents
Operationalize domain registration information
• Trends in spoofed domain registrations
• Identifying and leveraging APT TTPs
12. Tools of the Trade
DNSTwist and URLCrazy
• Open source
• Identify spoofed domains for a given domain
DomainTools
• WHOIS
• Typo Finder
• Reverse NS Lookup
• IRIS
13. Domain Registrations as Strategic Intel
14. Trends in Registrations
Process
• Identify all domains registered during a given timeframe that spoof the provided domains
• Get WHOIS information for all domains: registrant, registrar, create date, registrant email address, country of origin (Excel was used for this)
• Remove legitimate registrations where possible
• Investigate WHOIS information to identify trends or patterns
• Correlate possible spikes in activity with current events
Hypothesis
• Keeping track of all of the spoofed domains targeting a given organization or sector can help identify potential activity against that organization or sector.
15. Organizational Example: Anthem BCBS
Research
• Spoofed domains targeting Anthem BCBS legitimate domains
• 10 domains/organizations
Identified
• Over 1,400 spoofed domains
• Over 280 in 2015
• 59 of which came from China
16-18. Number of Spoofed Domain Registrations from China Targeting BCBS Entities, 2015 (chart, shown across three build slides; the data points are not recoverable from the page)
19. Sector Example: Pharmaceutical Industry
Research
• Spoofed domains targeting six major pharmaceutical companies
Identified
• Over 2,000 spoofed domains
• 304 in 2015
• At least 70 from China
20. Findings
Novartis – March 2015
• Three spoofed domains in March
• FDA approves first biosimilar drug
• Beijing lifts price controls on pharmaceuticals
Lilly – November 2015
• Eight spoofed domains in October, twelve in November
• Eli Lilly and China's Innovent expand partnership
• FDA approves cancer drug
Sanofi – April 2016
• Twelve spoofed domains in April, two in the rest of 2016
• Bids for Medivation
• Eczema drug clears trials
21. What Does This Mean for an Org/Sector?
Spikes in registration activity
• Potentially portend malicious activity and necessitate heightened awareness
• May not be malicious; may be related to non-cyber events
• Situational awareness for sectors
WHOIS
• Registrants and email addresses for tracking
• Identify other domains registered by the individuals targeting your organization
Helps identify threats
• Consistencies with previously identified APTs
• Capabilities, TTPs, and other infrastructure to be aware of
22. Domain Registrations as Tactical Intel
23. Pivoting from One Spoofed Domain to Others
Process
• Identify a spoofed domain that is particularly suspicious or has been leveraged in malicious activity
• Get WHOIS and/or SOA information for the domain: registrant, registrar, create date, registrant email address, country of origin, name server, etc.
• Identify the most unique registration information
• Pivot to other domains using the most unique registration information
Hypothesis
• WHOIS information for an encountered spoofed domain can help us identify an actor's other spoofed domains that may be leveraged against the same or other targets.
24. DNC and DCCC Attacks
DNC
• CrowdStrike analysis from mid June
• Identified a FANCY BEAR IP address
• ThreatConnect identified misdepatrment[.]com, which spoofs "MIS Department"
DCCC
• Reporting from mid July identified that the same actors compromised the DCCC
• Used a spoofed domain targeting the donation website
• Fidelis identified actblues[.]com vs. actblue[.]com
• Registered the day after the DNC attack was publicized
25. WHOIS/SOA Information for FANCY BEAR Domains
(WHOIS/SOA record screenshots for misdepatrment[.]com and actblues[.]com; not recoverable from the page)
26. What Can We Pivot from that is Unique?
• misdepatrment[.]com
• actblues[.]com
27. What Can We Pivot from that is Unique?
• misdepatrment[.]com
• actblues[.]com
• httpconnectsys[.]com
• fastcontech[.]com
• intelsupportcenter[.]com
• intelsupportcenter[.]net
31. Name Servers
Domains4Bitcoins (1a7ea920.bitcoin-dns.hosting)
• Bitcoins
• ~2500 domains
• Previous associations to FB
  • militaryobserver[.]net
  • sysprofsvc[.]com
  • euronews24[.]info
  • naoasch[.]com
  • storsvc[.]org
ITitch (ns1.ititch.com)
• Bitcoins
• ~2100 domains
32. Hundreds of Spoofed Domains on Name Servers
33. Subset for 1&1 Email Domains
Domains4Bitcoins (1a7ea920.bitcoin-dns.hosting)
• akamaitechnologysupport[.]com
• akamaitechupdate[.]com
• micoft[.]com
• ms-drivadptrwin[.]com
• ms-sus6[.]com
• securesystemwin[.]com
• wmepadtech[.]com
• natoadviser[.]com
• theguardiannews[.]org
• wsjworld[.]com
ITitch (ns1.ititch.com)
• bitsdelivery[.]com
• apptaskserver[.]com
• aptupdates[.]org
• contentupdate[.]org
• defenceglobaladviser[.]com
• dowssys[.]com
• gmailservicegroup[.]com
• i-aol-mail[.]com
• msmodule[.]net
• officeupdater[.]com
• systemsv[.]org
• updmanager[.]net
34. What Does This Mean for an Org/Sector?
Relevant threat intelligence
• During incidents
• Actor pivoting
• Historical registrations for reviewing previous activity
WHOIS
• Identify other domains that individuals targeting your organization register
Future tracking
• Registrant email addresses
• Name servers
• Confluence of WHOIS information
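The pivot process from slide 23 and the "confluence of WHOIS information" from slide 34, as an added Python example that is not part of the deck or ThreatConnect's tooling: it ranks a seed domain's registration attributes by how rarely each value occurs across a WHOIS corpus, pivots on the rarest one, and shows how a common value on its own (a bulk name server, as on slide 31) is narrowed by combining it with other fields. Every domain, e-mail address, name server and registrar in the records is constructed for the example.

```python
from collections import Counter

# Constructed WHOIS/SOA records for eight hypothetical domains (field order
# matches FIELDS). None of these values are real indicators from the deck.
FIELDS = ("registrant_email", "name_server", "registrar", "country")
RECORDS = {
    "seed-spoof[.]test": ("kx-reg@mail.test", "ns1.bulk-dns.test", "Registrar A", "NL"),
    "pivot-a[.]test":    ("kx-reg@mail.test", "ns1.bulk-dns.test", "Registrar A", "NL"),
    "pivot-b[.]test":    ("reg-b@mail.test",  "ns1.bulk-dns.test", "Registrar A", "NL"),
    "pivot-c[.]test":    ("reg-c@mail.test",  "ns1.bulk-dns.test", "Registrar B", "NL"),
    "noise-d[.]test":    ("reg-d@mail.test",  "ns1.bulk-dns.test", "Registrar A", "US"),
    "noise-e[.]test":    ("reg-e@mail.test",  "ns1.bulk-dns.test", "Registrar B", "DE"),
    "noise-f[.]test":    ("reg-f@mail.test",  "ns1.other-dns.test", "Registrar B", "NL"),
    "noise-g[.]test":    ("reg-g@mail.test",  "ns1.other-dns.test", "Registrar B", "US"),
}

def value_counts(records):
    """Number of domains in the corpus that carry each (field, value) pair."""
    counts = Counter()
    for values in records.values():
        counts.update(zip(FIELDS, values))
    return counts

def rank_pivots(records, seed):
    """The seed's attributes from most to least unique (slide 23, 'identify the
    most unique registration information'). A value seen on the seed alone is
    dropped: there is nothing else to pivot to from it."""
    counts = value_counts(records)
    pairs = zip(FIELDS, records[seed])
    ranked = [(f, v, counts[(f, v)]) for f, v in pairs if counts[(f, v)] > 1]
    return sorted(ranked, key=lambda t: t[2])

def pivot(records, seed, fields):
    """Domains other than the seed that match it on ALL of `fields`. With one
    field this is a plain pivot; with several it is the confluence of WHOIS
    information that narrows a bulk name server down to a usable subset."""
    idx = [FIELDS.index(f) for f in fields]
    want = tuple(records[seed][i] for i in idx)
    return sorted(d for d, v in records.items()
                  if d != seed and tuple(v[i] for i in idx) == want)

if __name__ == "__main__":
    seed = "seed-spoof[.]test"
    for field, value, n in rank_pivots(RECORDS, seed):
        print(f"{n:2d} domains share {field}={value}")
    print("email pivot:      ", pivot(RECORDS, seed, ["registrant_email"]))
    print("name-server pivot:", pivot(RECORDS, seed, ["name_server"]))
    print("confluence:       ", pivot(RECORDS, seed, ["name_server", "country", "registrar"]))
```

The rarest attribute (the registrant e-mail) yields one tight pivot, while the name server alone sweeps in five domains including unrelated noise; adding country and registrar brings it back to the two that share the seed's full registration pattern.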
35. Caveats
Findings merit additional research
• Spoofed domains are not necessarily malicious
• Tracking domains may help identify if/when they are operationalized
  • Hosting information
  • Slice and dice the WHOIS
Legitimate domains
• Some domains, like lilly.com, inherently have false positives
• Baseline activity to identify spikes
• Also requires an understanding of your organization's assets
Importance of sharing
• Impossible to do this type of research for all of the organizations/technologies that your organization may be involved with
• Sharing intelligence derived from this type of research facilitates other organizations' defensive efforts
36. Conclusions
Leverage intelligence from spoofed domain registrations
Not cost prohibitive
• Lower amount of resources
• Some tools openly available
Strategic and tactical research
• Focuses on a common TTP
• Provides situational and tactical awareness
Helps defend your organization and others
• Sharing is caring
• Cyber security karma
37. THANK YOU!
© 2016 ThreatConnect, Inc. All Rights Reserved
Blog: threatconnect.com/blog
Twitter: @ThreatConnect
Sign up for a free account: www.threatconnect.com/free