A Practical Case of Threat Intelligence – From IoC to Unraveling an Attacker Infrastructure
SANS Cyber Threat Intelligence Summit 2023
Luna Moth: A Practical Case of Threat Intelligence – From IoC to Unraveling an Attacker Infrastructure
Oren Biderman, Senior Incident Response & Threat Hunting Expert, Sygnia
Noam Lifshitz, Incident Response Team Leader, Sygnia
Pivoting, or moving between indicators of compromise and up David Bianco's Pyramid of Pain to uncover a threat actor's tactics, techniques and procedures (TTPs), is a common practice in cyber threat intelligence (CTI) operations. However, it is sometimes regarded more as a black art than a science. In this talk we use a threat group dubbed "Luna Moth", which relies on call-back phishing, as a case study to walk through the process of taking indicators of compromise identified while responding to several security breaches and using them to uncover the threat actor's infrastructure. The talk will include:
1. An overview of several breaches we investigated, focusing on the attacker's modus operandi.
2. A breakdown of two techniques used to pivot between IoCs to uncover and track the threat actor's infrastructure.
3. An example of employing automation to continuously monitor the threat actor's infrastructure.
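The abstract describes pivoting between IoCs to enumerate attacker infrastructure and automating its monitoring, but not how. The following is an added illustration, written for this page and not code from the talk or from Sygnia: it models IoCs as a graph whose nodes are domains, resolved IPs and certificate fingerprints, pivots outward from a seed domain with a fan-out check so shared hosting and CDN addresses are not traversed, and diffs successive runs so new or retired infrastructure stands out. All records, domains, IPs and fingerprints are constructed; the pivot limits and the `cert:` fingerprint format are assumptions of this example, and the two specific techniques the speakers present are not reproduced here.

```python
"""Added example (not from the talk): pivoting across IoC attributes to
enumerate attacker infrastructure, and a diff-based monitor for re-runs.

Every record below is constructed for illustration and is not a real
indicator. In practice the edges come from passive DNS and certificate
transparency lookups, queried through whatever API you have access to.
"""
from collections import deque

# Constructed passive-DNS style observations: (domain, resolved IP).
PDNS = [
    ("support-callback.example", "203.0.113.10"),
    ("invoice-help.example", "203.0.113.10"),
    ("invoice-help.example", "203.0.113.11"),
    ("billing-desk.example", "203.0.113.11"),
    # 198.51.100.5 is a constructed shared-hosting address with many tenants.
    ("billing-desk.example", "198.51.100.5"),
    ("cdn.shared-hoster.example", "198.51.100.5"),
    ("tenant1.example", "198.51.100.5"),
    ("tenant2.example", "198.51.100.5"),
    ("tenant3.example", "198.51.100.5"),
    ("tenant4.example", "198.51.100.5"),
    ("tenant5.example", "198.51.100.5"),
]

# Constructed TLS certificate observations: (fingerprint, hostname).
CERTS = [
    ("cert:c0ffee01", "billing-desk.example"),
    ("cert:c0ffee01", "payment-portal.example"),
]

# An attribute (IP, certificate) shared by more than this many domains is
# treated as shared infrastructure and not pivoted through; hosting providers,
# CDN edges and default certificates would otherwise drag in unrelated hosts.
# The threshold is an assumption for this example; tune it to your data source.
MAX_FANOUT = 5


def build_graph(pdns, certs):
    """Undirected adjacency over typed nodes: ('domain'|'ip'|'cert', value)."""
    adj = {}

    def link(a, b):
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)

    for domain, ip in pdns:
        link(("domain", domain), ("ip", ip))
    for fingerprint, host in certs:
        link(("cert", fingerprint), ("domain", host))
    return adj


def pivot(adj, seed_domain, max_pivots=3, max_fanout=MAX_FANOUT):
    """Breadth-first pivot from a seed domain.

    Returns (domains found, attribute nodes skipped as shared infrastructure,
    path from the seed to every node reached). A pivot is one
    domain -> attribute -> domain hop, so depth counts domains, not edges.
    """
    start = ("domain", seed_domain)
    seen = {start}
    paths = {start: [start]}
    skipped = set()
    queue = deque([(start, 0)])
    while queue:
        node, depth = queue.popleft()
        if depth >= max_pivots:
            continue
        for nxt in adj.get(node, ()):
            if nxt in seen:
                continue
            # Fan-out check applies to the pivot attribute, never to a domain.
            if nxt[0] != "domain" and len(adj[nxt]) > max_fanout:
                skipped.add(nxt)
                continue
            seen.add(nxt)
            paths[nxt] = paths[node] + [nxt]
            queue.append((nxt, depth + 1 if nxt[0] == "domain" else depth))
    domains = {value for kind, value in seen if kind == "domain"}
    return domains, skipped, paths


def monitor(known, observed):
    """Diff a previously known infrastructure set against a fresh pivot run."""
    return {"new": sorted(observed - known), "gone": sorted(known - observed)}


if __name__ == "__main__":
    graph = build_graph(PDNS, CERTS)
    found, shared, routes = pivot(graph, "support-callback.example")
    for domain in sorted(found):
        print(domain, "via", " -> ".join(v for _, v in routes[("domain", domain)]))
    print("skipped as shared infrastructure:", sorted(v for _, v in shared))
    # Simulate a scheduled re-run against the set recorded last time.
    print(monitor({"support-callback.example", "old-lure.example"}, found))
```

Running it from a scheduler and feeding `monitor()` the previous run's result is the whole of the continuous-monitoring loop; the returned `paths` are what you keep so an analyst can see why a domain was attributed before it is added to a block list. Note that `billing-desk.example` is reached through the certificate even though its shared-hosting IP was refused as a pivot, which is the point of checking fan-out per attribute rather than per domain.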
View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE
Video: A Practical Case of Threat Intelligence – From IoC to Unraveling an Attacker Infrastructure, from the SANS Digital Forensics and Incident Response channel
Video information
Published: 3 April 2023, 22:23:01
Duration: 00:23:49