Uncovering and Visualizing Malicious Infrastructure - SANS Threat Hunting Summit 2018



How much information about a threat can you find using a single IP address, domain name, or indicator of compromise (IOC)? What additional threats can you identify when looking at attacker and victim infrastructure? To discover and analyze the infrastructure behind large-scale malware activity, we'll look at known indicators from popular botnets spreading such threats as Locky, Globeimposter, and Trickbot. We will highlight co-occurring malicious activities observed on the infrastructure of popular botnets, demonstrate practical techniques to find threats and analyze botnet and malware infrastructure in order to identify actor and victim infrastructure, and show how to pivot to discover additional IOCs using techniques such as passive DNS and OSINT. Finally, we will demonstrate how visualizing known IOCs helps to better understand the connections between infrastructure, threats, victims, and malicious actors.

Josh Pyorre (@joshpyorre), Security Research Analyst, Cisco Umbrella. Josh has worked in security for 14 years. He's been a threat analyst at NASA and also helped to build the Security Operations Center at Mandiant. His professional interests involve network, computer, and data security.

Andrea Scarfo (@AScarf0), Security Research Analyst, Cisco Umbrella. Andrea worked as a sysadmin for 12 years and has worked with Hewlett Packard and the city of Danville, CA. She began working with OpenDNS in 2015 and has worked tirelessly to make the Internet a safer place.

source: https://www.youtube.com/watch?v=FrAY6B-L_o8


