SlideShare a Scribd company logo

Threat Intelligence

Deepak Kumar (D3)
Deepak Kumar (D3)

Threat intelligence is information that informs enterprise defenders of adversarial elements to stop them. It is information that is relevant to the organization, has business value, and is actionable. If you having all data and feeds then data alone isn’t intelligence. #Threat #Intelligence #Forensics #ELK #Forensics #VAPT #SOC #SIEM #Incident #D3pak

Education
1 of 17
Download to read offline
EVERY CRIME LEAVES A TRAIL OF EVIDENCE D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE
DISCLAIMER Different organisations are subject to different laws and regulations. This resource is for educational and research purposes only. Do not attempt to violate the law with anything contained here. Neither the author of this material, nor anyone else affiliated in any way, is liable for your actions. Some information from the internet and some of personal experience; doesn’t want to hurt anybody ☺ D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE
“If you know the enemy and know yourself, you need not fear the result of a hundred battles” - Sun Tzu D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE
D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE
• National Security • Critical National Infrastructure • Cyber-Warfare • Computer Crime • Organized Crime • Identity Theft • Extortion • Non-State Actors • Terrorists • Political Activists D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE Threat & Threat Agents Non-Hostile • Reckless employee • Untrained employee • Partners Hostile • eCrime • Nation-state cyber warrior • Industrial espionage • … Intent: Fun, Theft, Disruption, Reputation, Espionage …
Anything likely to cause damage or danger + Ability to acquire and apply knowledge and skills = Threat Intelligence D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE
D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE “Gartner defines threat intelligence as "Threat intelligence is evidence- based knowledge (e.g., context, mechanisms, indicators, implications and action-oriented advice) about existing or emerging menaces or hazards to assets." – Gartner Mail Metadata Malware Phish Spoof Activity Audit activities Click trace TI Sources GeoIP Threat indicators DLP hits Machine infections Information Insight/Analysis Again, What is Threat Intelligence?
Strategic: Broader trends typically meant for a non technical audience Tactical: Outlines of tactics, techniques, and procedures of threat actors for a more technical audience Operational: Technical details about specific attacks and campaigns Solution Integrate with machine learning that connect dots and provide context on indicators of compromise (IOCs) and tactics, techniques and procedures (TTPs) of threat actor D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE Threat Intel Categories
D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE • Phishing Detection • Incident Response Knowledge Base • Vulnerability Prioritisation • Fraud Detection • Forensics RCA (root cause analysis) • Brand Monitoring Use case examples Threat Analysis Collection Processing Analysis & ProductionValidation Dissemination Projection
D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE What am I trying to protect? Have you identified your crown jewels and how they are both protected and at risk? Do you know who/what you are protecting it from? Do you have a plan for protecting your assets from actors or risk identified?
D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE Internally Generated Analysis • IOC hunters – Vendor • End Point Protection • Security Operation • Vulnerability Management Information Sharing • Sectoral – Financial services, public sector • Geographic – local CERT • NIS Directive Organisation Specific • Your “Organisation” information • Social media • Boards • Dark web • Customer or organisation phishing campaigns Generic External • Open source • Subscription based - X-Force, Digital Shadows, Deepsight • Raw e.g. XSS, JSON, TXT • Indicators of compromise (IOCs) • Tactics techniques and procedures TTPs Operational Information & Intel Feeds
D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE TLP – Traffic Light Protocol What is TLP? A set of designations to ensure that sensitive information is shared with the correct audience and that the recipient (s) understand if and how the information can be disseminated. Who Uses TLP? US-CERT, public and private sector organizations within: US, Australia, Canada, Finland, France, Germany, Hungary, India, Italy, Japan, Netherlands, New Zealand, Norway, Sweden, Switzerland and the United Kingdom.
Threat Intel Platform (TIP) Open Source: • CRITs • Soltra • MANTIS • MISP • OTX etc PS: Only for educational purposes For More: 1. https://github.com/hslatman/awesome-threat-intelligence 2. https://www.senki.org/operators-security-toolkit/open-source-threat-intelligence-feeds/
D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE HELK : Enabling Advanced Analytics Capabilities Hunting ELK (Elasticsearch, Logstash, Kibana) : https://github.com/Cyb3rWard0g/HELK
D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE Kill Chain Analysis MITRE ATT&CK MATRIX Recon Weaponise Delivery Exploitation Installation C2 Actions & Objectives ➢ Task: Identify the Attackers’ Step by Step Process ➢ Goal: Disrupting Attackers’ operations ▪ Motivation ▪ Preparation ▪ Configuration ▪ Packaging ▪ Mechanism of Delivery ▪ Infection Vector ▪ Technical or human? ▪ Applications affected ▪ Method & Characteristics ▪ Persistence ▪ Characteristic s of change ▪ Acquiring additional components ▪ Communication between victim & adversary ▪ What the adversary does when they have control of the system MITRE ATT&CK: ▪ Active Scanning ▪ Passive Scanning ▪ Determine Domain & IP Address Space ▪ Analyze Third-Party IT Footprint MITRE ATT&CK: ▪ Malware ▪ Scripting ▪ Service Execution MITRE ATT&CK: ▪ Spearphishing Attachment/Link ▪ Exploit Public- Facing Application ▪ Supply Chain Compromise MITRE ATT&CK: ▪ Local Job Scheduling ▪ Scripting ▪ Rundll32 MITRE ATT&CK: ▪ Application Shimming ▪ Hooking ▪ Login Items MITRE ATT&CK: ▪ Data Obfuscation ▪ Domain Fronting ▪ Web Service MITRE ATT&CK: ▪ Email Collection ▪ Data from Local System/Network Share
USE CASE : IP Theft o Employee Resigned o Joined New Company o Data theft o Type of data (pdf, xlsx) o Browser history cleared o No data in Recycle bin o Formatted USB ✓ Forensics Imaging (Physical If required) ✓ Timeline ✓ Machine (Laptop/Desktop) : User info (SID) ✓ Data Recovery (Specific data formats) ✓ Mail Check (pst,ost, lotus etc) ✓ SIEM/DLP logs (Data copied) ✓ Firewall (3rd party URL data uploaded) D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE Q U E S T I O N A N S W E R
D3pak@Protonmail.com Resources : D3pakblog.wordpress.com D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE Thank You

Recommended

How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsSergey Soldatov
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence pptKumar Gaurav
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat IntelligenceNTT Innovation Institute Inc.
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxAbimbolaFisher1
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligenceseadeloitte
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceMarlabs
 

Recommended

How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsSergey Soldatov
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence pptKumar Gaurav
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat IntelligenceNTT Innovation Institute Inc.
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxAbimbolaFisher1
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligenceseadeloitte
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceMarlabs
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Threat Intelligence & Threat research Sources
Threat Intelligence & Threat research SourcesThreat Intelligence & Threat research Sources
Threat Intelligence & Threat research SourcesLearningwithRayYT
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You AreKatie Nickels
 
What is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityWhat is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityPanda Security
 
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Jorge Orchilles
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3Shawn Croswell
 
NTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNorth Texas Chapter of the ISSA
 
Red team Engagement
Red team EngagementRed team Engagement
Red team EngagementIndranil Banerjee
 
Cyber Threat hunting workshop
Cyber Threat hunting workshopCyber Threat hunting workshop
Cyber Threat hunting workshopArpan Raval
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKThreat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKKatie Nickels
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Cyber security
Cyber securityCyber security
Cyber securityManjushree Mashal
 
Cyber Threat Intel : Overview
Cyber Threat Intel : OverviewCyber Threat Intel : Overview
Cyber Threat Intel : OverviewDeepak Kumar (D3)
 
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015Andreas Sfakianakis
 

More Related Content

What's hot

Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Threat Intelligence & Threat research Sources
Threat Intelligence & Threat research SourcesThreat Intelligence & Threat research Sources
Threat Intelligence & Threat research SourcesLearningwithRayYT
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You AreKatie Nickels
 
What is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityWhat is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityPanda Security
 
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Jorge Orchilles
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3Shawn Croswell
 
Cyber Threat hunting workshop
Cyber Threat hunting workshopCyber Threat hunting workshop
Cyber Threat hunting workshopArpan Raval
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKThreat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKKatie Nickels
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 

What's hot (20)

Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feeds
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat Intelligence
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
Threat Intelligence & Threat research Sources
Threat Intelligence & Threat research SourcesThreat Intelligence & Threat research Sources
Threat Intelligence & Threat research Sources
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
 
What is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityWhat is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda Security
 
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3
 
NTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in Depth
 
Red team Engagement
Red team EngagementRed team Engagement
Red team Engagement
 
Cyber Threat hunting workshop
Cyber Threat hunting workshopCyber Threat hunting workshop
Cyber Threat hunting workshop
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
 
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKThreat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CK
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
Cyber security
Cyber securityCyber security
Cyber security
 

Similar to Threat Intelligence

Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015Andreas Sfakianakis
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfssuser4237d4
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfssuser4237d4
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopDigit Oktavianto
 
Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2Spyglass Security
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsIBM Security
 
Proactive Approach to OT incident response - HOUSECCON 2023
Proactive Approach to OT incident response - HOUSECCON 2023Proactive Approach to OT incident response - HOUSECCON 2023
Proactive Approach to OT incident response - HOUSECCON 2023Chris Sistrunk
 
Cyber Crimes: The next five years.
Cyber Crimes: The next five years. Cyber Crimes: The next five years.
Cyber Crimes: The next five years. Gregory McCardle
 
Operationalizing Security Intelligence
Operationalizing Security IntelligenceOperationalizing Security Intelligence
Operationalizing Security IntelligenceSplunk
 
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016Danny Akacki
 
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItToday's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItResilient Systems
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
 

Similar to Threat Intelligence (20)

Cyber Threat Intel : Overview
Cyber Threat Intel : OverviewCyber Threat Intel : Overview
Cyber Threat Intel : Overview
 
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
 
Cyber Forensics
Cyber Forensics Cyber Forensics
Cyber Forensics
 
Dark Web Forensics
Dark Web Forensics Dark Web Forensics
Dark Web Forensics
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
 
Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
 
Cyber Forensics & Challenges
Cyber Forensics & ChallengesCyber Forensics & Challenges
Cyber Forensics & Challenges
 
Proactive Approach to OT incident response - HOUSECCON 2023
Proactive Approach to OT incident response - HOUSECCON 2023Proactive Approach to OT incident response - HOUSECCON 2023
Proactive Approach to OT incident response - HOUSECCON 2023
 
CyberSecurity
CyberSecurityCyberSecurity
CyberSecurity
 
2016 to 2021
2016 to 20212016 to 2021
2016 to 2021
 
Cyber Crimes: The next five years.
Cyber Crimes: The next five years. Cyber Crimes: The next five years.
Cyber Crimes: The next five years.
 
Resiliency-Part One -11-3-2015
Resiliency-Part One -11-3-2015Resiliency-Part One -11-3-2015
Resiliency-Part One -11-3-2015
 
Operationalizing Security Intelligence
Operationalizing Security IntelligenceOperationalizing Security Intelligence
Operationalizing Security Intelligence
 
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
 
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItToday's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About It
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
 
Cyber of things 2.0
Cyber of things 2.0Cyber of things 2.0
Cyber of things 2.0
 

More from Deepak Kumar (D3)

Cyber Security India & Cyber Crime
Cyber Security India & Cyber CrimeCyber Security India & Cyber Crime
Cyber Security India & Cyber CrimeDeepak Kumar (D3)
 
How to social/official network
How to social/official networkHow to social/official network
How to social/official networkDeepak Kumar (D3)
 
Smartphone Forensic Acquisition guide
Smartphone Forensic Acquisition guideSmartphone Forensic Acquisition guide
Smartphone Forensic Acquisition guideDeepak Kumar (D3)
 

More from Deepak Kumar (D3) (20)

THINK
THINKTHINK
THINK
 
Cyber Security Tips
Cyber Security TipsCyber Security Tips
Cyber Security Tips
 
CISSP INFORGRAPH MINDMAP
CISSP INFORGRAPH MINDMAPCISSP INFORGRAPH MINDMAP
CISSP INFORGRAPH MINDMAP
 
Cyber Crime Types & Tips
Cyber Crime Types & TipsCyber Crime Types & Tips
Cyber Crime Types & Tips
 
Cyber Security India & Cyber Crime
Cyber Security India & Cyber CrimeCyber Security India & Cyber Crime
Cyber Security India & Cyber Crime
 
21st Century Cyber Forensics
21st Century Cyber Forensics21st Century Cyber Forensics
21st Century Cyber Forensics
 
Phishing
PhishingPhishing
Phishing
 
IoT
IoTIoT
IoT
 
C3 Cyber
C3 CyberC3 Cyber
C3 Cyber
 
Bitcoin
BitcoinBitcoin
Bitcoin
 
Ransomware
Ransomware Ransomware
Ransomware
 
Success Mantra
Success MantraSuccess Mantra
Success Mantra
 
Facebook Security Tips
Facebook Security TipsFacebook Security Tips
Facebook Security Tips
 
DDOS
DDOS DDOS
DDOS
 
Registry Registrar Registrant
Registry Registrar RegistrantRegistry Registrar Registrant
Registry Registrar Registrant
 
Whatsapp
WhatsappWhatsapp
Whatsapp
 
How to social/official network
How to social/official networkHow to social/official network
How to social/official network
 
Sexting
SextingSexting
Sexting
 
Phishing Scam
Phishing ScamPhishing Scam
Phishing Scam
 
Smartphone Forensic Acquisition guide
Smartphone Forensic Acquisition guideSmartphone Forensic Acquisition guide
Smartphone Forensic Acquisition guide
 

Recently uploaded

Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxPooja Bhuva
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...ZurliaSoop
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...Nguyen Thanh Tu Collection
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17Celine George
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...Nguyen Thanh Tu Collection
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structuredhanjurrannsibayan2
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxDr. Ravikiran H M Gowda
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomPooky Knightsmith
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxJisc
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSCeline George
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024Elizabeth Walsh
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Pooja Bhuva
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxJisc
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 

Recently uploaded (20)

Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 

Threat Intelligence

  • 1. EVERY CRIME LEAVES A TRAIL OF EVIDENCE D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE
  • 2. DISCLAIMER Different organisations are subject to different laws and regulations. This resource is for educational and research purposes only. Do not attempt to violate the law with anything contained here. Neither the author of this material, nor anyone else affiliated in any way, is liable for your actions. Some information from the internet and some of personal experience; doesn’t want to hurt anybody ☺ D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE
  • 3. “If you know the enemy and know yourself, you need not fear the result of a hundred battles” - Sun Tzu D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE
  • 4. D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE
  • 5. • National Security • Critical National Infrastructure • Cyber-Warfare • Computer Crime • Organized Crime • Identity Theft • Extortion • Non-State Actors • Terrorists • Political Activists D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE Threat & Threat Agents Non-Hostile • Reckless employee • Untrained employee • Partners Hostile • eCrime • Nation-state cyber warrior • Industrial espionage • … Intent: Fun, Theft, Disruption, Reputation, Espionage …
  • 6. Anything likely to cause damage or danger + Ability to acquire and apply knowledge and skills = Threat Intelligence D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE
  • 7. D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE “Gartner defines threat intelligence as "Threat intelligence is evidence- based knowledge (e.g., context, mechanisms, indicators, implications and action-oriented advice) about existing or emerging menaces or hazards to assets." – Gartner Mail Metadata Malware Phish Spoof Activity Audit activities Click trace TI Sources GeoIP Threat indicators DLP hits Machine infections Information Insight/Analysis Again, What is Threat Intelligence?
  • 8. Strategic: Broader trends typically meant for a non technical audience Tactical: Outlines of tactics, techniques, and procedures of threat actors for a more technical audience Operational: Technical details about specific attacks and campaigns Solution Integrate with machine learning that connect dots and provide context on indicators of compromise (IOCs) and tactics, techniques and procedures (TTPs) of threat actor D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE Threat Intel Categories
  • 9. D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE • Phishing Detection • Incident Response Knowledge Base • Vulnerability Prioritisation • Fraud Detection • Forensics RCA (root cause analysis) • Brand Monitoring Use case examples Threat Analysis Collection Processing Analysis & ProductionValidation Dissemination Projection
  • 10. D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE What am I trying to protect? Have you identified your crown jewels and how they are both protected and at risk? Do you know who/what you are protecting it from? Do you have a plan for protecting your assets from actors or risk identified?
  • 11. D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE Internally Generated Analysis • IOC hunters – Vendor • End Point Protection • Security Operation • Vulnerability Management Information Sharing • Sectoral – Financial services, public sector • Geographic – local CERT • NIS Directive Organisation Specific • Your “Organisation” information • Social media • Boards • Dark web • Customer or organisation phishing campaigns Generic External • Open source • Subscription based - X-Force, Digital Shadows, Deepsight • Raw e.g. XSS, JSON, TXT • Indicators of compromise (IOCs) • Tactics techniques and procedures TTPs Operational Information & Intel Feeds
  • 12. D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE TLP – Traffic Light Protocol What is TLP? A set of designations to ensure that sensitive information is shared with the correct audience and that the recipient (s) understand if and how the information can be disseminated. Who Uses TLP? US-CERT, public and private sector organizations within: US, Australia, Canada, Finland, France, Germany, Hungary, India, Italy, Japan, Netherlands, New Zealand, Norway, Sweden, Switzerland and the United Kingdom.
  • 13. Threat Intel Platform (TIP) Open Source: • CRITs • Soltra • MANTIS • MISP • OTX etc PS: Only for educational purposes For More: 1. https://github.com/hslatman/awesome-threat-intelligence 2. https://www.senki.org/operators-security-toolkit/open-source-threat-intelligence-feeds/
  • 14. D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE HELK : Enabling Advanced Analytics Capabilities Hunting ELK (Elasticsearch, Logstash, Kibana) : https://github.com/Cyb3rWard0g/HELK
  • 15. D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE Kill Chain Analysis MITRE ATT&CK MATRIX Recon Weaponise Delivery Exploitation Installation C2 Actions & Objectives ➢ Task: Identify the Attackers’ Step by Step Process ➢ Goal: Disrupting Attackers’ operations ▪ Motivation ▪ Preparation ▪ Configuration ▪ Packaging ▪ Mechanism of Delivery ▪ Infection Vector ▪ Technical or human? ▪ Applications affected ▪ Method & Characteristics ▪ Persistence ▪ Characteristic s of change ▪ Acquiring additional components ▪ Communication between victim & adversary ▪ What the adversary does when they have control of the system MITRE ATT&CK: ▪ Active Scanning ▪ Passive Scanning ▪ Determine Domain & IP Address Space ▪ Analyze Third-Party IT Footprint MITRE ATT&CK: ▪ Malware ▪ Scripting ▪ Service Execution MITRE ATT&CK: ▪ Spearphishing Attachment/Link ▪ Exploit Public- Facing Application ▪ Supply Chain Compromise MITRE ATT&CK: ▪ Local Job Scheduling ▪ Scripting ▪ Rundll32 MITRE ATT&CK: ▪ Application Shimming ▪ Hooking ▪ Login Items MITRE ATT&CK: ▪ Data Obfuscation ▪ Domain Fronting ▪ Web Service MITRE ATT&CK: ▪ Email Collection ▪ Data from Local System/Network Share
  • 16. USE CASE : IP Theft o Employee Resigned o Joined New Company o Data theft o Type of data (pdf, xlsx) o Browser history cleared o No data in Recycle bin o Formatted USB ✓ Forensics Imaging (Physical If required) ✓ Timeline ✓ Machine (Laptop/Desktop) : User info (SID) ✓ Data Recovery (Specific data formats) ✓ Mail Check (pst,ost, lotus etc) ✓ SIEM/DLP logs (Data copied) ✓ Firewall (3rd party URL data uploaded) D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE Q U E S T I O N A N S W E R
  • 17. D3pak@Protonmail.com Resources : D3pakblog.wordpress.com D3PAK KUMAR (D3) DIGITAL FORENSICS | CYBER INTELLIGENCE Thank You