CONNECT 2017
The Good, the Bad, and the Not So Bad

AGENDA
• Threat Research
• Threat Actors and Attribution
• Carbanak Gang / FIN7
• Getting Started with Threat Research
• Q&A

Willis McDonald
Threat Research Manager, Core Security

About Me
Threat Research Manager at Core Security
Past:
• 20 years of experience in security and administration
• Offensive operations with Federal LE and the Intelligence Community
• Forensic investigations for Federal LE and the Intelligence Community
• Red team and blue team for government and financial institutions

Threat Research: Threat Detection
• Develop ML algorithms
• Indicator research
• Develop tools for detection

Threat Research: Threat Intelligence
• Tools
• Tactics
• Infrastructure
• Procedures
• Targets

Threat Actors: What?

Threat Actors: Attribution
PREVENT BREACHES: Know how to stop them
KNOW YOUR ADVERSARY: Know what they're after when they target you
RESPOND WITH INTELLIGENCE: Know how to respond when they get in, and reduce dwell time

Why Attribution?

Attribution Process
• 1.2T unique queries daily: emerging C2 infrastructure
• 200K binaries collected: malicious files affecting enterprises
• 10 years of historical DNS data: infrastructure tracking
• 750 observed devices: infection trends
• Tracking data: device telemetry from enterprise and ISP networks

Carbanak Gang (BadEyeballWreckers)
• 2013, Carbanak appears: first samples of Carbanak malware discovered
• 2014, Carbanak reported: $1Bn stolen from the banking industry
• 2015, hospitality targeted: hotel industry POS attacks
• 2016, retail targeted: Carbanak appears in retail card processors
• 2017, restaurant chains: large restaurant chains targeted with new malware

Carbanak Gang: 2016-2017 Activities
• 2016-2017: Carbanak targets restaurant chains
• 2017-04-25: Chipotle reports breach
• Others targeted for POS systems
• Utilized the DNSMESSENGER backdoor to evade detection
• 2017-02-13: Alerts from Network Insight devices point to suspicious DNS activity, later identified as Carbanak's exfil over DNS

Carbanak Gang: DNSMESSENGER
• 2017-02-27: A single client in a customer network queries a domain 2787 times in an hour with extremely long query lengths
• Query format: [a-z]{3,4}.[a-f0-9]{57}.[a-f0-9]{56,57}.[a-f0-9]{8,10}.[0-9]{5,8}.<domain>

Carbanak Gang: DNSMESSENGER
• 2016-02-27: First records of malicious activity, identified on 2017-02-27, using the same format for file transfer over DNS.
• 2017-03-02: Security vendors started alerting users to this same activity after obtaining the malicious files.
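The two DNSMESSENGER slides describe a detection that needs no malware sample: one client, one domain, thousands of queries in an hour, and query names that match a fixed label layout. The following Python detector is an added example written for this page, not code from the talk or from Core Security. It buckets DNS log lines per client, registered domain and hour, counts how many query names match the slide's label pattern, and reports buckets that exceed both a rate threshold and a mean-length threshold. The log format, the client IPs, the suffix c2-example.test and the threshold values are all constructed assumptions; only the label pattern comes from the slide.

```python
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Label pattern quoted on the slide. The dots between groups are label separators, so they
# are escaped; the trailing <domain> is captured so a finding can name the suffix.
DNSMESSENGER_RE = re.compile(
    r"^[a-z]{3,4}\.[a-f0-9]{57}\.[a-f0-9]{56,57}\.[a-f0-9]{8,10}\.[0-9]{5,8}\.(?P<domain>[a-z0-9.-]+)$"
)

# Thresholds are this example's assumptions, not figures from the talk.
QUERIES_PER_HOUR = 500   # per client, per registered domain
LONG_QNAME = 100         # mean query length; the slide's format alone is >130 characters


def registered_domain(qname: str) -> str:
    """Last two labels; a deliberate simplification of public-suffix handling."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_line(line: str):
    """Constructed log format: '<ISO timestamp> <client IP> <query name>'."""
    ts, client, qname = line.split()
    return datetime.fromisoformat(ts), client, qname.lower().rstrip(".")


def analyze(lines):
    """Bucket queries per (client, registered domain, hour); return buckets breaching both thresholds."""
    buckets = defaultdict(lambda: {"count": 0, "total_len": 0, "format_matches": 0})
    for line in lines:
        ts, client, qname = parse_line(line)
        hour = ts.replace(minute=0, second=0, microsecond=0)
        b = buckets[(client, registered_domain(qname), hour)]
        b["count"] += 1
        b["total_len"] += len(qname)
        if DNSMESSENGER_RE.match(qname):
            b["format_matches"] += 1
    findings = []
    for (client, domain, hour), b in sorted(buckets.items()):
        mean_len = b["total_len"] / b["count"]
        if b["count"] > QUERIES_PER_HOUR and mean_len > LONG_QNAME:
            findings.append({"client": client, "domain": domain, "hour": hour.isoformat(),
                             "count": b["count"], "mean_len": round(mean_len, 1),
                             "format_matches": b["format_matches"]})
    return findings


def _hexdigest(seed: str) -> str:
    return hashlib.sha256(seed.encode()).hexdigest()  # 64 lowercase hex characters


def build_sample_log():
    """Constructed traffic: one client replaying the slide's 2787-queries-in-an-hour pattern, plus benign noise."""
    start = datetime(2017, 2, 27, 14, 0, 0)
    lines = []
    for i in range(2787):
        ts = start + timedelta(seconds=i * 3600 / 2787)
        qname = ".".join([
            "abc",
            _hexdigest(f"a{i}")[:57],
            _hexdigest(f"b{i}")[:56 + i % 2],
            _hexdigest(f"c{i}")[:8 + i % 3],
            str(10000 + i),
            "c2-example.test",          # constructed suffix standing in for <domain>
        ])
        lines.append(f"{ts.isoformat()} 10.0.0.23 {qname}")
    # Benign client: ordinary names, low volume.
    for i in range(50):
        ts = start + timedelta(seconds=i * 60)
        lines.append(f"{ts.isoformat()} 10.0.0.7 www.example.com")
    # A few long hex-looking names from a third client: strange, but far below the rate
    # threshold, so not flagged (the talk's "not always malicious" point).
    for i in range(5):
        ts = start + timedelta(seconds=i * 600)
        lines.append(f"{ts.isoformat()} 10.0.0.9 {_hexdigest(f'x{i}')}.{_hexdigest(f'y{i}')}.lookup.example.net")
    return lines


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Run stand-alone it prints one finding: client 10.0.0.23, 2787 queries, all 2787 matching the slide's format. The rate and length thresholds are what keep the third client's handful of long queries out of the findings; the format match count is reported separately so an analyst can tell a structurally identical tunnel from a merely noisy client, which matters because, as the closing slide notes, legitimate applications also send odd-looking DNS.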
Getting Started: Data
• Passive DNS
• Internal threat intelligence
  • Bridging IT, Security and IA
• External threat intelligence
  • We sell ourselves!
  • There are other great TI subscriptions also
• OSINT
  • It's free but time consuming

Getting Started: Tools
• Paterva Maltego
  • A picture is worth a thousand words
  • Analyst's Notebook is great also
• IDA Pro
  • Great for analyzing binaries, but there's a steep learning curve
• Scripting languages
  • Pick a few to get the job done
• Yara
• People
  • People are tools

Getting Started: Community
• ISACs
• Intelligence sharing groups
  • Be careful
  • Be thick skinned
  • Honor protocol

Problems: The internet is a strange place
Things that look strange are not always malicious. Legitimate applications employ evasion techniques to bypass filtering.

Questions?
Contact Me
Email: wmcdonald@coresecurity.com
LinkedIn: https://www.linkedin.com/in/willis-mcdonald
Twitter: @arnolds_brother

THANK YOU
A Secure and Reliable Document Management System is Essential.docx
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 

The Good, the Bad, and The Not So Bad: Tracking Threat Operators with Our Threat Research Team - Willis McDonald, Threat Research Manager, Core Security

  • 1. CONNECT 2017: The Good, the Bad, and the not so bad
  • 2. AGENDA
    • Threat Research
    • Threat Actors and Attribution
    • Carbanak Gang / FIN7
    • Getting Started with Threat Research
    • Q&A
  • 3. LEARN MORE: Willis McDonald, Threat Research Manager, Core Security
  • 4. About Me: Threat Research Manager at Core Security. Past:
    • 20 years of experience in security and administration
    • Offensive operations with Federal LE and Intelligence Community
    • Forensic investigations for Federal LE and the Intelligence Community
    • Red team and blue team for government and financial institutions
  • 5. Threat Research: Threat Detection
    • Develop ML algorithms
    • Indicator Research
    • Develop Tools for Detection
  • 6. Threat Research: Threat Intelligence
    • Tools
    • Tactics
    • Infrastructure
    • Procedures
    • Targets
  • 9. Why Attribution?
    • PREVENT BREACHES: Know How to Stop Them
    • KNOW YOUR ADVERSARY: Know What They're After When They Target You
    • RESPOND WITH INTELLIGENCE: Know How to Respond When They Get In and Reduce Dwell Time
  • 11. Tracking Data: Device Telemetry from Enterprise and ISP Networks
    • 1.2T Unique Queries Daily (Emerging C2 Infrastructure)
    • 200K Binaries Collected (Malicious Files Affecting Enterprises)
    • 10 Yrs Historical DNS Data (Infrastructure Tracking)
    • 750 Observed Devices (Infection Trends)
  • 13. Carbanak Gang (BadEyeballWreckers)
    • 2013 Carbanak Appears: First samples of Carbanak malware discovered
    • 2014 Carbanak Reported: $1Bn stolen from banking industry
    • 2015 Hospitality Targeted: Hotel industry POS attacks
    • 2016 Retail Targeted: Carbanak appears in retail card processors
    • 2017 Restaurant Chains: Large restaurant chains targeted with new malware
  • 14. Carbanak Gang 2016-2017 Activities
    • 2016-2017 Carbanak targets restaurant chains
    • 2017-04-25 Chipotle reports breach
    • Others targeted for POS systems
    • Utilized DNSMESSENGER backdoor to evade detection
    • 2017-02-13 Alerts from Network Insight devices point to suspicious DNS activity later identified as Carbanak's exfil over DNS
  • 15. Carbanak Gang DNSMESSENGER
    • 2017-02-27 A single client in a customer network queries a domain 2787 times in an hour with extremely long query lengths
    • Query Format: [a-z]{3,4}.[a-f0-9]{57}.[a-f0-9]{56,57}.[a-f0-9]{8,10}.[0-9]{5,8}.<domain>
  • 16. Carbanak Gang DNSMESSENGER
    • 2016-02-27: First records of malicious activity identified on 2017-02-27 using the same format for file transfer over DNS.
    • 2017-03-02: Security vendors started alerting users to this same activity after obtaining the malicious files.
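The two observations on slides 15 and 16 (a fixed label layout and an abnormal query rate from one client) are what a defender can turn into a detection rule. The script below is an added example, not code from the talk or from Core Security: it compiles the slide's label layout into a regex (reading the slide's unescaped dots as label separators and matching the trailing <domain> loosely), groups DNS query logs per client and clock hour, and flags clients whose count of matching queries reaches a threshold. The three-field log format (timestamp, client, query name), the 500-per-hour threshold, and the sample addresses and domain names are all assumptions constructed for the example; the sample log reproduces the slide's figure of 2787 queries in one hour.

```python
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Label layout from the slide, with the dots read as label separators
# (the slide writes them unescaped). The trailing <domain> is matched loosely.
HEX = "[a-f0-9]"
DNSMESSENGER_RE = re.compile(
    r"^[a-z]{3,4}\." + HEX + r"{57}\." + HEX + r"{56,57}\." + HEX + r"{8,10}\."
    r"[0-9]{5,8}\.(?P<domain>[a-z0-9-]+(?:\.[a-z0-9-]+)+)\.?$",
    re.IGNORECASE,
)


def looks_like_dnsmessenger(qname: str) -> bool:
    """True when a query name has the label shape described in the slides."""
    return DNSMESSENGER_RE.match(qname) is not None


def parse_line(line: str):
    """Parse one constructed log line: '<ISO timestamp> <client> <qname>'."""
    ts, client, qname = line.split()
    return datetime.fromisoformat(ts), client, qname


def flag_clients(lines, per_hour_threshold: int = 500):
    """Group queries per (client, clock hour) and return the buckets whose
    count of shape-matching queries reaches the threshold, with the longest
    matching name and the set of apex domains used as context for triage."""
    buckets = defaultdict(
        lambda: {"matching": 0, "total": 0, "max_len": 0, "domains": set()}
    )
    for line in lines:
        ts, client, qname = parse_line(line)
        b = buckets[(client, ts.strftime("%Y-%m-%dT%H"))]
        b["total"] += 1
        m = DNSMESSENGER_RE.match(qname)
        if m:
            b["matching"] += 1
            b["max_len"] = max(b["max_len"], len(qname))
            b["domains"].add(m.group("domain").lower())
    return {k: v for k, v in buckets.items() if v["matching"] >= per_hour_threshold}


def _hex_label(n: int, seed: int) -> str:
    """Deterministic hex filler for the constructed sample (not real exfil data)."""
    out = ""
    i = 0
    while len(out) < n:
        out += hashlib.sha256(f"{seed}:{i}".encode()).hexdigest()
        i += 1
    return out[:n]


def build_sample_log(client="10.0.0.25", domain="c2.example.invalid", count=2787):
    """Constructed log: one client sending `count` shaped queries inside one
    hour (the slide's 2787/hour figure), plus ordinary lookups from another host."""
    start = datetime(2017, 2, 27, 14, 0, 0)
    lines = []
    for i in range(count):
        ts = start + timedelta(seconds=i)  # 2787 seconds stays within hour 14
        qname = ".".join([
            "abc" if i % 2 else "abcd",
            _hex_label(57, i),
            _hex_label(56 + i % 2, i + 1),
            _hex_label(8 + i % 3, i + 2),
            str(10000 + i),
            domain,
        ])
        lines.append(f"{ts.isoformat()} {client} {qname}")
    for i, name in enumerate(["www.example.invalid", "mail.example.invalid"]):
        ts = start + timedelta(minutes=5 * (i + 1))
        lines.append(f"{ts.isoformat()} 10.0.0.31 {name}")
    return lines


if __name__ == "__main__":
    for (client, hour), stats in flag_clients(build_sample_log()).items():
        print(client, hour, stats["matching"], "of", stats["total"],
              "queries; longest", stats["max_len"], "chars; domains",
              sorted(stats["domains"]))
```

The shape match alone is deliberately not the alert: as slide 20 notes, odd-looking names are not always malicious, so the rate per client per hour and the apex domain are kept alongside the match count to give an analyst something to pivot on before escalating.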
  • 17. Getting Started: Data
    • Passive DNS
    • Internal Threat Intelligence
      • Bridging IT, Security and IA
    • External Threat Intelligence
      • We sell ourselves!
      • There are other great TI subscriptions also
    • OSINT
      • It's free but time consuming
  • 18. Getting Started: Tools
    • Paterva Maltego
      • A picture is worth a thousand words
      • Analyst's Notebook is great also
    • IDA Pro
      • Great for analyzing binaries but there's a steep learning curve
    • Scripting Languages
      • Pick a few to get the job done
    • Yara
    • People
      • People are tools
  • 19. Getting Started: Community
    • ISACs
    • Intelligence Sharing Groups
      • Be careful
      • Be Thick Skinned
      • Honor Protocol
  • 20. Problems: The internet is a strange place. Things that look strange are not always malicious. Legitimate applications employ evasion techniques to bypass filtering.