I’m a Nation State and So Can You!
NextGen Cyber Threat Intel
Intros 
SynAckPwn
Intros 
tothehilt
Started With Derbycon 
youtube.com/watch?v=7jfshUL-0yM
Know Your Protocols
Oops
OMG Chattanooga? 
However, DouceNoozle Inc founder and Chief Technical Officer Herbert A Derp points out that nation-states sometimes launch attacks from computers within their own borders because they control the Internet there and can ensure the computers won't get taken offline.
Choo Choo Motherfucker 
Beijing may not be a surprise, but Chattanooga?
“The scans were to honeypots, so there is no reason for any traffic to be going to these systems.”
“We found almost nothing publicly available about this IP.”
“They run no legitimate services and have no DNS entries, so any traffic to them is suspicious, especially traffic to tcp port 102 that conforms to the S7comm spec.”
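Added example, not part of the original slides: a Python triage helper that checks whether the first payload a port-102 honeypot received really conforms to TPKT/COTP/S7comm framing, or was only a bare connect or an unrelated probe. The function names, labels, addresses and sample payloads are constructed for illustration.

```python
import struct

# S7comm ROSCTR (message type) values
S7_ROSCTR = {1: "job", 2: "ack", 3: "ack_data", 7: "userdata"}


def classify_port102_payload(data: bytes) -> str:
    """Label the first TCP payload seen on port 102 by how far it conforms
    to the TPKT -> COTP -> S7comm stack."""
    if not data:
        # Connection with no application data: a port scan, nothing more.
        return "no-payload"

    # TPKT (RFC 1006): version=3, reserved=0, 16-bit big-endian total length.
    if len(data) < 6:
        return "not-tpkt"
    version, reserved, length = struct.unpack(">BBH", data[:4])
    if version != 3 or reserved != 0 or length < 6 or length > len(data):
        return "not-tpkt"
    frame = data[:length]

    # COTP (ISO 8073): length indicator, then PDU type in the high nibble.
    li = frame[4]
    if li < 1 or 5 + li > len(frame):
        return "tpkt-bad-cotp"
    pdu_type = frame[5] & 0xF0
    if pdu_type == 0xE0:
        # Transport-level connect only; no S7comm has been spoken yet.
        return "cotp-connect-request"
    if pdu_type != 0xF0:
        return "cotp-other"

    # S7comm header: protocol id 0x32, ROSCTR, reserved, PDU reference,
    # parameter length, data length (acks carry 2 extra error bytes).
    s7 = frame[5 + li:]
    if len(s7) < 10 or s7[0] != 0x32:
        return "cotp-data-not-s7comm"
    rosctr, _reserved, _pdu_ref, plen, dlen = struct.unpack(">BHHHH", s7[1:10])
    header_len = 12 if rosctr in (2, 3) else 10
    if rosctr not in S7_ROSCTR or header_len + plen + dlen != len(s7):
        return "s7comm-malformed"
    return "s7comm-" + S7_ROSCTR[rosctr]


def triage(events):
    """Group source addresses by conformance label."""
    summary = {}
    for src, payload in events:
        summary.setdefault(classify_port102_payload(payload), []).append(src)
    return summary


# Constructed honeypot events (documentation address ranges, sample payloads).
SAMPLE_EVENTS = [
    ("192.0.2.10", b""),                        # connect, then nothing
    ("192.0.2.11", b"GET / HTTP/1.0\r\n\r\n"),  # generic banner grab
    ("198.51.100.7", bytes.fromhex(
        "03 00 00 16 11 e0 00 00 00 01 00 c0 01 0a c1 02 01 00 c2 02 01 02")),
    ("198.51.100.8", bytes.fromhex(
        "03 00 00 19 02 f0 80 32 01 00 00 00 00 00 08 00 00"
        " f0 00 00 01 00 01 01 e0")),
]

if __name__ == "__main__":
    for label, sources in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{label:22} {', '.join(sources)}")
```

Only the last sample event is S7comm-conformant; the label says what was sent, not who sent it or why.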
Threat Intel Derp Levels: Seeing what you want to see
Cyber Threat Intel: Purdy Lights & Meaningless Data
What is (Real) Intel Analysis?
- Develop specific expertise, discern patterns of complex behavior, and provide an accurate understanding of present and future threats.
- Apply highly developed inductive reasoning skills to provide a proactive approach to potential threats.
- Navigate a variety of records, reports, miscellaneous communications, case files, and other sources to support research and analysis.
- Initiate, establish, and maintain effective working relationships inside and outside the FBI.
What makes a good IA? According to Marita Cook, a strategic analyst at FBI Headquarters, “You have to be very data oriented. You need to understand the data and how all the pieces can be used together to see the larger picture. You need to be intrigued by questions—why are things happening the way they are? And above all,” she said, “you have to be persistent, following every lead to its logical conclusion.”
Find Meaningful Patterns in Meaningless Noise
What is Not? 
Data Visualization ≠ Intel Analysis
Magic Quadrant 
Level 0: Just scanning shit - No obfuscation needed
Level 1: Non attribution - Still legal
Level 2: Non attribution - Probably Illegal
Level 3: OMG NSA - Going to GITMO
Level 0
The ‘ErrataRob’ Model - Fuck you, I can scan what I want and I’m going to let you know about it
Level 1
The ‘I Don’t Want to Be Weev’ Model - Still legal, but you don’t want to deal with the hassle
Active scanning, browsing, FTP, etc. Not attacks, just using the services available.
Level 2
The ‘Internet Census 2012’ Model - Illegal tactics for the greater good (mostly harmless)
Level 3
The ‘Swat Brian Krebs’ Model - I just want to cause harm on the internet, because lulz.
“NextGen Threat Intel”
Level 0 - OMG APTCHINA: Pings and port scans are tagged as advanced attacks from adversaries.
Level 1/2 - Noise: Just obfuscated enough for them to not care, activity not interesting enough to investigate
Level 3 - Nation State Attention: FBI/NSA is on your ass
Master De/b/ater
If you’re not doing anything wrong, then you have nothing to hide.
Master De/b/ater 
What is Real Threat Intel
Master De/b/ater
Is ‘Threat Intel’ Useful - Blue Teams, Perimeter Defense, Anything?
Master De/b/ater
Admitting we’re wrong, current cyber threat intel is only mostly worthless, not completely worthless
Questions?
