Hunting Cyber Threat Actors with TLS Certificates
This presentation will go over how net defenders and threat intel analysts can use TLS/SSL data from open source sites like scans.io and censys.io to defend their networks and track threat actors that use TLS/SSL to encrypt their command and control, perform credential harvesting, or even manage their command and control infrastructure. Most analysts know and use Whois registrant info to track domains threat actors create. However, a lot of threat actors have learned to use Domain Privacy Registration, which mitigates that tracking ability. Analysts also like to use passive DNS sources to track domains and IPs as actors move their infrastructure. Other analysts use things like VirusTotal to track threat actors based on their malware, but not everyone has access to VirusTotal. Using the technique that I will be discussing, defenders and analysts can easily track malware command and control infrastructure as it moves and put the appropriate defense mitigations in place as needed.
Mark Parsons, DevOps/ThreatIntel, Punch Cyber Analytics
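As an added illustration of the certificate pivot the abstract describes (this is not code from the talk or its author), the script below takes constructed records in the shape of a scans.io/censys.io TLS scan export and expands from one known C2 host to every host that presented the same certificate, then to self-signed certificates the actor re-generated with the same subject. All IPs, subjects and fingerprints are made up.

```python
# Constructed sample records shaped like a scans.io / censys.io TLS scan export:
# (scan_date, ip, port, sha256 of the leaf cert, subject, issuer). All values are made up.
SCANS = [
    ("2017-01-05", "203.0.113.10", 443, "aaaa1111", "CN=update.cdn-sync.test", "CN=update.cdn-sync.test"),
    ("2017-01-05", "198.51.100.7", 443, "bbbb2222", "CN=www.legit.test", "CN=Example Public CA"),
    ("2017-01-20", "203.0.113.10", 443, "aaaa1111", "CN=update.cdn-sync.test", "CN=update.cdn-sync.test"),
    # the actor moved: same self-signed cert now served from a new host on a new port
    ("2017-02-02", "203.0.113.55", 8443, "aaaa1111", "CN=update.cdn-sync.test", "CN=update.cdn-sync.test"),
    # the actor re-generated the cert (new key, new fingerprint) but kept the subject
    ("2017-02-15", "192.0.2.33", 443, "cccc3333", "CN=update.cdn-sync.test", "CN=update.cdn-sync.test"),
    ("2017-02-15", "198.51.100.7", 443, "bbbb2222", "CN=www.legit.test", "CN=Example Public CA"),
]


def fingerprints_for_host(scans, ip):
    """Every certificate fingerprint a host has presented in the scan data."""
    return {fp for _, h, _, fp, _, _ in scans if h == ip}


def hosts_for_fingerprint(scans, fp):
    """Every (date, ip, port) observation of one exact certificate, oldest first."""
    return sorted((d, h, p) for d, h, p, f, _, _ in scans if f == fp)


def related_self_signed(scans, fp):
    """Other self-signed certs (subject == issuer) that reuse the subject of `fp`."""
    subj = next(s for _, _, _, f, s, _ in scans if f == fp)
    return {f for _, _, _, f, s, i in scans if s == subj and s == i and f != fp}


def hunt(scans, seed_ip):
    """Expand from one known C2 host to all infrastructure sharing its certificate(s).

    Returns (timeline, hosts): timeline maps fingerprint -> observations, hosts is
    the set of IPs to feed into blocking or monitoring.
    """
    todo = fingerprints_for_host(scans, seed_ip)
    timeline = {}
    while todo:
        fp = todo.pop()
        timeline[fp] = hosts_for_fingerprint(scans, fp)
        todo |= related_self_signed(scans, fp) - set(timeline)
    hosts = {ip for obs in timeline.values() for _, ip, _ in obs}
    return timeline, hosts


if __name__ == "__main__":
    timeline, hosts = hunt(SCANS, "203.0.113.10")
    for fp, obs in timeline.items():
        print(fp, obs)
    print("hosts to watch:", sorted(hosts))
```

The legitimate CA-issued certificate never enters the result because the subject pivot is restricted to self-signed certificates, which keeps a shared public CA from linking unrelated hosts.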
Video "Hunting Cyber Threat Actors with TLS Certificates" from the channel SANS Digital Forensics and Incident Response
Video information
2 March 2017, 5:46:40
00:27:07