Blackhat - Do you trust your Threat Intelligence
Christopher Doman
1.
© 2019 AT&T Intellectual Property. AT&T, Globe logo, and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks are the property of their respective owners.
Do you trust your threat intelligence? Black Hat 2019. Christopher Doman, Principal Information Security Engineer, AT&T Alien Labs - @chrisdoman
2.
Attackers are watching
• A blog post was published September 2017 on how to track APT28
• Immediately, the group was harder to follow
“. . . a [blog] post burning the few tracking methods we have, likely for PR over substance” @safronsec, 2018
3.
Some groups disappear quickly
4.
Some disappear more slowly
APT1 report released February 18, 2013
[Figure: old infrastructure vs. new infrastructure; addresses shown: 66.79.165.154, 208.44.242.107]
See “M-Trends 2014”, FireEye, for more information
5.
Did group members continue in other groups?
[Figure: Barkiofork / APT1, Matchaldru / Putter Panda, hgcurtain.com]
See “APT1 & Putter Panda: collaboration or a shared contractor?”, PwC / @tlansec, for more information
6.
Or digital quartermasters?
[Figure: Poison Ivy / APT1 and Poison Ivy / APT10, shared icon fb080cef60846... (PDF)]
See "A Detailed Examination of the Siesta Campaign", FireEye, March 2014, for more information
7.
“The mysterious return of years-old malware” in 2018?
Malware author known as "feng_911" (2006-09-22), Babyface Backdoor
http://read.pudn.com/downloads62/sourcecode/hack/trojan/215589/SRC/Client/ClientDlg.cpp__.htm
8.
Some like attention
9.
Some don’t like attention
10.
Attackers watch platforms too
11.
So, can you trust sharing partners?
12.
Example sharing platform: VirusTotal
User uploads sample of new malware to VirusTotal > Vendor A writes signature for new malware > If Vendor B doesn’t detect the malware, they get a hint to write a new signature
13.
Theoretical attack demonstrated
Create benign binaries and write own signatures > Submit to VirusTotal > The binaries are initially detected by just your engine > Over 20 vendors then start detecting as malicious too
See “On the way to better testing” by Kaspersky
14.
Sophisticated attack seen in the wild
Take multiple versions of benign binaries > Insert “known bad fragments” into the benign binaries > Submit to VirusTotal > Watch false positives cascade
15.
Non-sharing vendors kicked out of VirusTotal
“There are a number of endpoint products that use VirusTotal to determine if a file is malicious. Without any contribution to the community. Without giving anything in return.” Alex Eckelberry, 2016
A. Eckelberry (2017-05-04), "A BOMB JUST DROPPED IN ENDPOINT SECURITY… AND I’M NOT SURE ANYONE NOTICED". Retrieved from http://blog.eckelberry.com/a-bomb-just-dropped-in-endpoint-security-and-im-not-sure-anyone-noticed/
16.
Should you share attack code?
17.
Hidden Tear, should it have been shared?
v1: Open source ransomware shared for "educational use"
18.
Hidden Tear, should it have been shared?
v2: Author retrieves victims’ files using a backdoor
v3: 13-year-old removes the backdoor
Now . . . Blackmailed into taking down code: “I’m sorry. I failed this time.”
19.
Can your SOC trust open source information?
20.
Don’t trust everything you read online
“First Law of Thermodynamics”, Wikipedia. Retrieved from https://en.wikipedia.org/wiki/First_law_of_thermodynamics (Creative Commons Attribution-ShareAlike)
21.
Whitelists
22.
Whitelists / warning lists: Cisco Umbrella, misp-warninglists
23.
DIY IPv4 whitelists
Domain whitelist > IPv4 /24
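The slide only names the two ends of the pipeline (a domain whitelist on one side, /24 networks on the other). The script below is an added example, not code from the talk: it takes resolved addresses for a domain whitelist, widens each to its /24, and uses the result to triage an IPv4 indicator feed. The resolution map, the feed and the `.test` domain names are constructed for the demo (TEST-NET addresses throughout); a real run resolves the Umbrella top list, or whichever whitelist you use, repeatedly over time.

```python
"""DIY IPv4 /24 whitelist: resolve a domain whitelist, widen each address to
its /24, then use the result to triage an IPv4 indicator feed.
Added example, not code from the talk."""
import ipaddress
from typing import Dict, Iterable, List, Set, Tuple

# Ranges that must never be whitelisted from DNS answers (split-horizon
# internal answers, loopback, link-local).  Listed explicitly rather than via
# IPv4Address.is_private, which also flags the TEST-NET documentation ranges
# the constructed sample below uses.
NEVER_WHITELIST = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
)]

# Constructed stand-in for resolving a domain whitelist (e.g. the Cisco
# Umbrella top list).  Real data comes from resolving each domain repeatedly
# over time, because popular domains rotate through many addresses.
SAMPLE_RESOLUTIONS: Dict[str, List[str]] = {
    "example-cdn.test":    ["203.0.113.10", "203.0.113.55"],
    "popular-saas.test":   ["192.0.2.20"],
    "shared-hosting.test": ["192.0.2.200"],   # lands in the same /24 as the SaaS
    "intranet.test":       ["10.1.2.3"],      # split-horizon answer, dropped
}

# Constructed indicator feed to triage.
SAMPLE_FEED = ["198.51.100.7", "203.0.113.77", "192.0.2.250"]


def covering_prefix(addr: str, prefix: int = 24) -> ipaddress.IPv4Network:
    """The /prefix network containing addr: 203.0.113.10 -> 203.0.113.0/24."""
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def build_whitelist(resolutions: Dict[str, Iterable[str]],
                    prefix: int = 24) -> Set[ipaddress.IPv4Network]:
    """Widen every resolved address to its /prefix and collect the networks."""
    nets: Set[ipaddress.IPv4Network] = set()
    for addrs in resolutions.values():
        for a in addrs:
            ip = ipaddress.IPv4Address(a)
            if any(ip in bad for bad in NEVER_WHITELIST):
                continue
            nets.add(covering_prefix(a, prefix))
    return nets


def is_whitelisted(addr: str, nets: Set[ipaddress.IPv4Network]) -> bool:
    ip = ipaddress.IPv4Address(addr)
    return any(ip in n for n in nets)


def triage(indicators: Iterable[str],
           nets: Set[ipaddress.IPv4Network]) -> Tuple[List[str], List[str]]:
    """Split a feed into (keep, suppressed).  Suppressed indicators fall inside
    a whitelisted /24 and are probably CDN or shared-hosting noise; route them
    to analyst review rather than dropping them, since a /24 around a shared
    host also covers any attacker renting space next door."""
    keep: List[str] = []
    suppressed: List[str] = []
    for ioc in indicators:
        (suppressed if is_whitelisted(ioc, nets) else keep).append(ioc)
    return keep, suppressed


if __name__ == "__main__":
    nets = build_whitelist(SAMPLE_RESOLUTIONS)
    keep, suppressed = triage(SAMPLE_FEED, nets)
    print("whitelist :", sorted(str(n) for n in nets))
    print("keep      :", keep)
    print("suppressed:", suppressed)
```

The caveat the `triage` docstring carries is the practical one: a /24 is coarse, so an attacker on the same shared host as a whitelisted domain is suppressed too. Use the suppressed bucket to lower priority, not to delete.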
24.
Future threat intelligence sharing
25.
Building a domain oracle using AI / machine learning (xgboost)
26.
Automated indicator generation
Malware sample > Domains from sandbox > Domain oracle
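Slides 25 and 26 describe the pipeline but not its parts, so the following is an added example, not the talk's code: sandbox-observed domains are reduced to registered domains, dropped if they sit on a warninglist, and otherwise scored by a "domain oracle". The oracle here is a transparent points-based scorer standing in for the xgboost model the slide mentions; its feature extraction (label length, entropy, digit ratio, TLD) is the kind of input such a model consumes. The warninglist, the risky-TLD set, the thresholds and the sandbox output are all constructed assumptions.

```python
"""Automated indicator generation: domains observed in a sandbox run ->
warninglist filter -> domain oracle -> candidate indicators.
Added example, not the talk's code.  The oracle is a points-based scorer
standing in for the xgboost model the slides mention."""
import math
from typing import Dict, List

# Constructed warninglist of registered domains (misp-warninglists and the
# Umbrella top list play this role in practice).
WARNINGLIST = {"google.com", "microsoft.com", "windowsupdate.com", "example-cdn.test"}

# Constructed set of TLDs the scorer treats as a risk signal (assumption).
RISKY_TLDS = {"top", "xyz", "pw"}

# Constructed sandbox output for one sample.
SAMPLE_SANDBOX_DOMAINS = [
    "www.google.com", "a8f3k2j9x1qz.top", "update.microsoft.com",
    "cdn.example-cdn.test", "secure-login-portal.xyz", "time.windows.com",
]

SCORE_THRESHOLD = 50  # out of 100


def registered_domain(fqdn: str) -> str:
    """Crude eTLD+1 (last two labels).  A real pipeline uses the Public Suffix
    List so that e.g. foo.co.uk is not reduced to co.uk."""
    parts = fqdn.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def shannon_entropy(s: str) -> float:
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def features(domain: str) -> Dict[str, float]:
    label, _, tld = domain.rpartition(".")
    return {
        "length": len(label),
        "entropy": shannon_entropy(label),
        "digit_ratio": sum(ch.isdigit() for ch in label) / max(len(label), 1),
        "risky_tld": float(tld in RISKY_TLDS),
    }


def oracle_score(domain: str) -> int:
    """Stand-in for the trained model: integer points from the features."""
    f = features(domain)
    score = 0
    score += 35 if f["entropy"] >= 3.5 else 0
    score += 25 if f["digit_ratio"] >= 0.25 else 0
    score += 20 if f["length"] >= 12 else 0
    score += 20 if f["risky_tld"] else 0
    return score


def generate_indicators(sandbox_domains: List[str]) -> Dict[str, list]:
    """Run the pipeline; returns warninglisted domains, every scored domain,
    and the ones above threshold (sandbox order, de-duplicated)."""
    seen: List[str] = []
    filtered: List[str] = []
    scored = []
    for fqdn in sandbox_domains:
        dom = registered_domain(fqdn)
        if dom in seen:
            continue
        seen.append(dom)
        if dom in WARNINGLIST:
            filtered.append(dom)
            continue
        scored.append((dom, oracle_score(dom)))
    indicators = [d for d, s in scored if s >= SCORE_THRESHOLD]
    return {"filtered": filtered, "scored": scored, "indicators": indicators}


if __name__ == "__main__":
    result = generate_indicators(SAMPLE_SANDBOX_DOMAINS)
    for key, val in result.items():
        print(f"{key:10}: {val}")
```

Two things worth keeping from this shape whatever model sits in the middle: the warninglist check runs before the oracle, so a popular domain contacted by malware never becomes an indicator however odd it looks, and everything below threshold is still returned with its score, which is what the "manual verification is still needed" point on the last slide asks for.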
27.
Automated indicator pivots?
28.
New types of sharing — JA3
See “JA3 Fingerprints”, https://sslbl.abuse.ch/ja3-fingerprints/ for more information
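The slide names JA3 without showing how a fingerprint is derived. As an added example (not code from the talk, the JA3 project or abuse.ch), the script below parses a TLS ClientHello, builds the JA3 string from its version, cipher suites, extension types, supported groups and point formats with GREASE values removed, hashes it with MD5 as the JA3 specification does, and looks the hash up in a feed. The ClientHello is assembled by a small builder for the demo and the feed is constructed; a real feed such as the abuse.ch list ships hashes directly.

```python
"""JA3: fingerprint a TLS client from the fields of its ClientHello and
look the fingerprint up in a feed.  Added example; not code from the talk
or from abuse.ch.  JA3 is MD5 over
"SSLVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats"
(decimal values, '-' separated, GREASE values removed)."""
import hashlib
import struct
from typing import Dict, List, Optional, Tuple

GREASE = {0x0a0a, 0x1a1a, 0x2a2a, 0x3a3a, 0x4a4a, 0x5a5a, 0x6a6a, 0x7a7a,
          0x8a8a, 0x9a9a, 0xaaaa, 0xbaba, 0xcaca, 0xdada, 0xeaea, 0xfafa}


def _u16(b: bytes, off: int) -> int:
    return struct.unpack_from("!H", b, off)[0]


def ja3_string(record: bytes) -> str:
    """Parse one TLS record carrying a ClientHello and build the JA3 string."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:]                       # drop the 5-byte record header
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    p = 4                                 # handshake type (1) + length (3)
    version = _u16(hs, p); p += 2
    p += 32                               # client random
    p += 1 + hs[p]                        # session id
    n = _u16(hs, p); p += 2
    ciphers = [_u16(hs, p + i) for i in range(0, n, 2)]; p += n
    p += 1 + hs[p]                        # compression methods
    exts: List[int] = []
    groups: List[int] = []
    formats: List[int] = []
    if p < len(hs):                       # extensions block is optional
        end = p + 2 + _u16(hs, p); p += 2
        while p < end:
            etype, elen = _u16(hs, p), _u16(hs, p + 2)
            data = hs[p + 4:p + 4 + elen]; p += 4 + elen
            exts.append(etype)
            if etype == 0x000a:           # supported_groups (elliptic curves)
                groups = [_u16(data, 2 + i) for i in range(0, _u16(data, 0), 2)]
            elif etype == 0x000b:         # ec_point_formats
                formats = list(data[1:1 + data[0]])

    def dash(values: List[int]) -> str:
        return "-".join(str(v) for v in values if v not in GREASE)

    return ",".join([str(version), dash(ciphers), dash(exts), dash(groups), dash(formats)])


def ja3_md5(s: str) -> str:
    return hashlib.md5(s.encode("ascii")).hexdigest()


def lookup(record: bytes, feed: Dict[str, str]) -> Optional[str]:
    """Return the feed label for this ClientHello's JA3 hash, if any."""
    return feed.get(ja3_md5(ja3_string(record)))


# --- constructed sample input -------------------------------------------------

def _ext(etype: int, data: bytes) -> bytes:
    return struct.pack("!HH", etype, len(data)) + data


def build_client_hello(version: int, ciphers: List[int],
                       extensions: List[Tuple[int, bytes]]) -> bytes:
    """Assemble a minimal ClientHello inside a TLS record (demo input only)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"      # version, random, empty session id
    cs = b"".join(struct.pack("!H", c) for c in ciphers)
    body += struct.pack("!H", len(cs)) + cs
    body += b"\x01\x00"                                           # one compression method: null
    ex = b"".join(_ext(t, d) for t, d in extensions)
    body += struct.pack("!H", len(ex)) + ex
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


SAMPLE_HELLO = build_client_hello(
    0x0303,
    [0x2a2a, 0x1301, 0xc02b, 0x002f],                             # GREASE cipher first
    [
        (0x2a2a, b"\x00"),                                        # GREASE extension
        (0x0000, b"\x00\x0f\x00\x00\x0cexample.test"),            # server_name
        (0x000a, struct.pack("!HHHH", 6, 0x1a1a, 0x001d, 0x0017)),  # groups, GREASE first
        (0x000b, b"\x01\x00"),                                    # ec_point_formats: uncompressed
        (0x0010, b"\x00\x0c\x02h2\x08http/1.1"),                  # ALPN
    ],
)

# Constructed feed keyed by JA3 MD5; a real feed ships the hashes directly.
SAMPLE_FEED = {ja3_md5("771,4865-49195-47,0-10-11-16,29-23,0"): "constructed-rat-family"}

if __name__ == "__main__":
    s = ja3_string(SAMPLE_HELLO)
    print(s, ja3_md5(s), lookup(SAMPLE_HELLO, SAMPLE_FEED))
```

The GREASE filtering matters for sharing: browsers randomise those values per connection, so a fingerprint computed without stripping them never matches anyone else's. The reverse caveat applies to every JA3 feed: the hash identifies a TLS stack configuration, not a program, so malware built on a common library shares its hash with benign software, and a feed hit is a pivot to verify, not a verdict.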
29.
New types of sharing — Sigma
See “Sigma”, https://github.com/Neo23x0/sigma/ for more information
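Sigma is the "share how to detect" format from the closing slide: a rule describes a log source, field selections and a condition, and each consumer converts it for their own SIEM. The script below is an added example, not code from the talk or from the Sigma project. The rule is a Python dict mirroring the YAML a real rule ships as (in practice you load it with PyYAML), modelled on the public encoded-PowerShell rules with a constructed parent-process exclusion; the matcher implements only the subset of the Sigma specification this rule needs (`contains`, `startswith`, `endswith` and `all` modifiers, list values as OR, and the conditions `X` and `X and not Y`). The Sysmon-style events are constructed.

```python
"""Evaluate a Sigma-style detection rule over sample process-creation
events.  Added example; not code from the talk or from the Sigma project.
Only the subset of the Sigma spec used by the rule below is implemented."""
from typing import Any, Dict, List

# Constructed rule, modelled on the public Sigma rules for encoded PowerShell.
RULE: Dict[str, Any] = {
    "title": "Encoded PowerShell command line",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["-enc ", "-EncodedCommand "],
        },
        "filter": {                                  # constructed exclusion
            "ParentImage|endswith": "\\sccm_agent.exe",
        },
        "condition": "selection and not filter",
    },
    "level": "medium",
}

# Constructed Sysmon-style process-creation events.
EVENTS: List[Dict[str, Any]] = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIABXAGcAZQB0",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\inventory.ps1",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "CommandLine": "pwsh.exe -EncodedCommand dwBoAG8AYQBtAGkA",
     "ParentImage": "C:\\Program Files\\Agent\\sccm_agent.exe"},
    {"Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c echo -enc test",
     "ParentImage": "C:\\Windows\\explorer.exe"},
]


def _match_value(value: str, pattern: str, modifiers: List[str]) -> bool:
    v, p = value.lower(), pattern.lower()     # Sigma string matching is case-insensitive
    if "contains" in modifiers:
        return p in v
    if "startswith" in modifiers:
        return v.startswith(p)
    if "endswith" in modifiers:
        return v.endswith(p)
    return v == p


def _match_field(event: Dict[str, Any], key: str, patterns: Any) -> bool:
    """One 'Field|modifier...' entry; a list of values is OR unless 'all' is set."""
    field, *modifiers = key.split("|")
    if field not in event:
        return False
    pats = patterns if isinstance(patterns, list) else [patterns]
    hits = [_match_value(str(event[field]), str(p), modifiers) for p in pats]
    return all(hits) if "all" in modifiers else any(hits)


def _match_map(event: Dict[str, Any], selection: Dict[str, Any]) -> bool:
    """All fields of a selection map must match (AND)."""
    return all(_match_field(event, k, v) for k, v in selection.items())


def evaluate(rule: Dict[str, Any], event: Dict[str, Any]) -> bool:
    det = rule["detection"]
    tokens = det["condition"].split()
    if len(tokens) == 1:                                    # "selection"
        return _match_map(event, det[tokens[0]])
    if len(tokens) == 4 and tokens[1:3] == ["and", "not"]:  # "selection and not filter"
        return _match_map(event, det[tokens[0]]) and not _match_map(event, det[tokens[3]])
    raise NotImplementedError(f"condition not supported: {det['condition']!r}")


def run(rule: Dict[str, Any], events: List[Dict[str, Any]]) -> List[int]:
    """Indices of the events the rule fires on."""
    return [i for i, ev in enumerate(events) if evaluate(rule, ev)]


if __name__ == "__main__":
    for i in run(RULE, EVENTS):
        print(f"[{RULE['level']}] {RULE['title']}: {EVENTS[i]['CommandLine']}")
```

The point of the format is visible in the `filter` block: the detection logic is shared, but each consumer adds their own exclusions (here a management agent that legitimately launches encoded commands) before deploying, which is the "verify their data" step applied to a rule rather than an indicator.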
30.
New types of sharing - OsQuery
31.
In summary . . .
• Share how to detect, but be careful sharing how to track
• Trust your sharing partners, but verify their data
• Lots of room for automation, but manual verification is still needed