Hunting Cyber Threat Actors with TLS Certificates
Hunting Cyber Threat Actors with TLS Certificates
This presentation will go over how net defenders and threat intel analysts can use TLS/SSL data from open source sites like scans.io and censys.io to defend their networks and track threat actors that use TLS/SSL to encrypt their command and control, perform credential harvesting or even manage their command and control infrastructure. Most analysts know and use Whois registrant info to track domains threat actors create. However, a lot of threat actors have learned to use Domain Privacy Registration which mitigates
that tracking ability. Analysts also like to use passive DNS sources to track domains and ip’s as actors move their infrastructure. Others analysts use things like VirusTotal to track threat actors based off their malware but not everyone has access to VirusTotal. Using this technique that I will be discussing, defenders and analysts can easily track malware command and control infrastructure as it moves and put the appropriate defense mitigations in place as needed.
Mark Parsons, DevOps/ThreatIntel, Punch Cyber Analytics
Видео Hunting Cyber Threat Actors with TLS Certificates канала SANS Digital Forensics and Incident Response
This presentation will go over how net defenders and threat intel analysts can use TLS/SSL data from open source sites like scans.io and censys.io to defend their networks and track threat actors that use TLS/SSL to encrypt their command and control, perform credential harvesting or even manage their command and control infrastructure. Most analysts know and use Whois registrant info to track domains threat actors create. However, a lot of threat actors have learned to use Domain Privacy Registration which mitigates
that tracking ability. Analysts also like to use passive DNS sources to track domains and ip’s as actors move their infrastructure. Others analysts use things like VirusTotal to track threat actors based off their malware but not everyone has access to VirusTotal. Using this technique that I will be discussing, defenders and analysts can easily track malware command and control infrastructure as it moves and put the appropriate defense mitigations in place as needed.
Mark Parsons, DevOps/ThreatIntel, Punch Cyber Analytics
Видео Hunting Cyber Threat Actors with TLS Certificates канала SANS Digital Forensics and Incident Response
Показать
Комментарии отсутствуют
Информация о видео
2 марта 2017 г. 5:46:40
00:27:07
Другие видео канала
Threat Hunting via DNS with Eric Conrad - SANS Blue Team Summit 2020
AlphaBay Market: Lessons From Underground Intelligence Analysis - SANS CTI Summit 2018
Insider Threat Hunting with a Distributed Workforce
Achieving Effective Attribution: Case Study on ICS Threats w/ Robert M Lee - Keynote SANS CTI Summit
24 Techniques to Gather Threat Intel and Track Actors
STAR Webcast: Threat Hunting and the Rise of Targeted eCrime Intrusions
Threat Detection and Hunting for Common MITRE ATT&CK Techniques
The Cycle of Cyber Threat Intelligence
BEC Revisited: Dropping By on Our Favorite Prince - SANS CTI Summit 2019
Open Season: Building a Threat Hunting Program with Open Source Tools
Threat Hunting Beacon Analysis
Taking Hunting to the Next Level: Hunting in Memory - SANS Threat Hunting Summit 2017
Wireshark for Incident Response & Threat Hunting Workshop at OWASP SB
Death to the IOC: What's Next in Threat Intelligence
Discover the secrets of a SOC and how to build a Threat Hunting team
Threat Hunting via Sysmon - SANS Blue Team Summit
Threat Hunting via DNS | SANS@MIC Talk
How will AI impact the future of cyber crime? - Dave Palmer, Darktrace
Steven Bay Presents "Edward Snowden and Defending Against the Insider Threat"