A Practical Case of Threat Intelligence – From IoC to Unraveling an Attacker Infrastructure
SANS Cyber Threat Intelligence Summit 2023
Luna Moth: A Practical Case of Threat Intelligence – From IoC to Unraveling an Attacker Infrastructure
Oren Biderman, Senior Incident Response & Threat Hunting Expert, Sygnia
Noam Lifshitz, Incident Response Team Leader, Sygnia
Pivoting, or being able to move between indicators of compromise and up David Bianco's Pyramid of Pain to uncover the threat actor's tactics, techniques and procedures (TTPs) is a common practice in Cyber threat intelligence (CTI) operations. However, it is sometimes regarded more as a black art than a science. In this talk we will discuss a threat group dubbed "Luna Moth" that leverages call-back phishing techniques, as a case study to walk you through the process of leveraging indicators of compromise identified while responding to several security breaches to uncover the threat actor's infrastructure. The talk will include: 1. An overview of several breaches we investigated focusing on the attacker's modus operandi. 2. A breakdown of two techniques which were used to pivot between IOCs to uncover and track the threat actor infrastructure. 3. Example of employing automation to continuously monitor the threat actor's infrastructure.
View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE
Видео A Practical Case of Threat Intelligence – From IoC to Unraveling an Attacker Infrastructure канала SANS Digital Forensics and Incident Response
Luna Moth: A Practical Case of Threat Intelligence – From IoC to Unraveling an Attacker Infrastructure
Oren Biderman, Senior Incident Response & Threat Hunting Expert, Sygnia
Noam Lifshitz, Incident Response Team Leader, Sygnia
Pivoting, or being able to move between indicators of compromise and up David Bianco's Pyramid of Pain to uncover the threat actor's tactics, techniques and procedures (TTPs) is a common practice in Cyber threat intelligence (CTI) operations. However, it is sometimes regarded more as a black art than a science. In this talk we will discuss a threat group dubbed "Luna Moth" that leverages call-back phishing techniques, as a case study to walk you through the process of leveraging indicators of compromise identified while responding to several security breaches to uncover the threat actor's infrastructure. The talk will include: 1. An overview of several breaches we investigated focusing on the attacker's modus operandi. 2. A breakdown of two techniques which were used to pivot between IOCs to uncover and track the threat actor infrastructure. 3. Example of employing automation to continuously monitor the threat actor's infrastructure.
View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE
Видео A Practical Case of Threat Intelligence – From IoC to Unraveling an Attacker Infrastructure канала SANS Digital Forensics and Incident Response
Показать
Комментарии отсутствуют
Информация о видео
3 апреля 2023 г. 22:23:01
00:23:49
Другие видео канала
How to Leverage Cloud Threat Intelligence Without Drowning: The Zero-Noise Approach
Beyond the Basics: The Role of LLM in Modern Threat Intelligence
Applying Threat Intelligence Practically to Meet the Needs of an Evolving Regulatory Environment
How an Info Sharing Analysis Center Works w/ its Members to Improve Cyber Defenses for Their Sector
Bridging the Intelligence Divide: Building CTI Blueprints for Value-Based Production
How Threat Intelligence Helped Us Defend and Respond to a Nation-State-Sponsored Threat Actor
Clustering Attacker Behavior: Connecting the Dots in the RaaS Ecosystem
Threat Intelligence is a Fallacy, but I May be Biased
Deep Dive into Supply Chain Compromise: Hospitality’s Hidden Risks
Beyond Cryptojacking: Studying Contemporary Malware in the Cloud
Why Won’t They Listen? – ConnectingYour CTI to Decision Makers
Cybersecurity is GeoPolitical: Lessons From the Fight Against Mercenary Spyware Proliferation
Intellimation: Guidance for Integrating Automation in Your Cyber Threat Intelligence Program
The Cyber-Hobbit:There and Back Again in CTI
Navigating the Digital Battlefield: A Framework for Geopolitical Cyber Risk Assessment
Sharing Compared: A Study on the Changing Landscape of CTI Networking
Let’s Be Honest About MITRE ATT&CK® Mappings and the “So What”
Zero to CTI: A Novice’s Journey into Threat Intelligence
OSINTer: Automating the CTI Heavy Lifting the Open Source Way!
Revisiting the Indicator: Towards a Threat Intelligence Ontology
Slow Cooking and Cyber Threat Intelligence: Cooking a High-Performing Team