TakeDownCon Rocket City: “White Hat Anonymity”: Current challenges security researchers face performing actionable OSINT by Christopher Barber

  1. “White Hat Anonymity”: Current challenges security researchers face performing actionable OSINT
     Christopher R. Barber, CISSP, C|EHv7, Threat Analyst, Solutionary Inc., Security Engineering Research Team (SERT)
  2. Introduction
     • Member of Solutionary’s Security Engineering Research Team (SERT), specializing in threat intelligence and analysis
     • Research and discovery of emerging threats and vulnerabilities
     • Use of Open-Source Intelligence (OSINT) techniques for tracking threat actor activities
     • Analysis of threat landscape trends monthly, and high-level analysis annually
  3. Outline
     • Challenges
     • Establishing Anonymity
     • OSINT Tools and Techniques
     • Sources
     • Information Sharing
  4. Challenges
     • Anonymity Challenges
     • Source Information Challenges
     • Intelligence Sharing Challenges
  5. Anonymity Challenges
     • Security policy prohibits the use of 3rd-party VPN providers and access to the Tor network
     • Lack of funds, resources and personnel for the development of secure anonymous channels
  6. Source Information Challenges
     • Large volumes of information from a diverse collection of sources
     • Being able to discern between valid information and injected disinformation
     • Personnel and resources
  7. Intelligence Sharing Challenges
     • Conflicts between organizations due to differences in security policies
     • Lack of security at a collaborating organization leads to a pivot point for compromise
  8. Establishing Anonymity
     • Having an unknown or unacknowledged name
     • Having an unknown or withheld authorship or agency
     • Having no distinctive character or recognition factor
     • Being able to gather information in a manner that does not reveal your personal, professional, or organization’s identity
  9. Digital Paper Trail: the bread crumbs left as we traverse the cyber domain
     • IP address
     • User agent
     • Cookies
     • Behavioral habits
  10. Anonymizing Service Providers
     • Private Internet Access
     • HideMyAss
     • BlackVPN
     • IVPN
     • AirVPN
     • TorGuard
  11. Anonymizing Virtual Machines
     • Whonix
     • Tor Middlebox
     • Tails VM
  12. Whonix
  13. Tor Middlebox
     • Works as a proxy between the host machine and VirtualBox
     • Routes all VM traffic through the Tor proxy on the host machine
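The middlebox arrangement on slide 13 only keeps the researcher's own address out of the paper trail if nothing from the VM can bypass the redirect into Tor. The checker below is an added example, not code from the talk or from any project it names: it parses an iptables ruleset in iptables-save form and reports every path from the VM-facing interface that is neither redirected into Tor's TransPort/DNSPort nor dropped. The interface name vboxnet0 and the port numbers 9040 and 5353 are assumptions standing in for the host's real torrc, and both rulesets in the block are constructed.

```python
"""Audit a Tor middlebox firewall policy for leaks.

Added example (not from the slide deck). Parses an iptables ruleset in
iptables-save form and checks that every packet arriving from the VM-facing
interface is either redirected into Tor's TransPort/DNSPort or dropped.
Interface and port numbers are assumptions matching a torrc with
'TransPort 9040' and 'DNSPort 5353'; adjust them to the real host.
"""
import shlex

VM_IFACE = "vboxnet0"   # assumed host-only interface the VM is attached to
TRANS_PORT = 9040       # assumed torrc: TransPort 9040
DNS_PORT = 5353         # assumed torrc: DNSPort 5353

# Constructed ruleset for a correctly configured middlebox (not captured from a real host).
GOOD_RULES = """\
*nat
-A PREROUTING -i vboxnet0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A PREROUTING -i vboxnet0 -p tcp -m tcp --syn -j REDIRECT --to-ports 9040
COMMIT
*filter
-A INPUT -i vboxnet0 -p tcp -m tcp --dport 9040 -j ACCEPT
-A INPUT -i vboxnet0 -p udp -m udp --dport 5353 -j ACCEPT
-A INPUT -i vboxnet0 -j DROP
-A FORWARD -i vboxnet0 -j DROP
COMMIT
"""

# Constructed leaky variant: no DNS redirect, and the host forwards VM traffic onward.
LEAKY_RULES = """\
*nat
-A PREROUTING -i vboxnet0 -p tcp -m tcp --syn -j REDIRECT --to-ports 9040
COMMIT
*filter
-A INPUT -i vboxnet0 -p tcp -m tcp --dport 9040 -j ACCEPT
-A FORWARD -i vboxnet0 -j ACCEPT
COMMIT
"""


def parse_rules(text):
    """Yield (table, chain, options) for each '-A' line; options maps flag -> value."""
    table = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            table = line[1:]
            continue
        if not line.startswith("-A "):
            continue
        tokens = shlex.split(line)
        opts, i = {}, 2
        while i < len(tokens):
            tok = tokens[i]
            if tok == "--tcp-flags" and i + 2 < len(tokens):
                opts[tok] = (tokens[i + 1], tokens[i + 2])   # mask and compared flags
                i += 3
            elif i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
                opts[tok] = tokens[i + 1]
                i += 2
            else:
                opts[tok] = True                             # bare flag such as --syn
                i += 1
        yield table, tokens[1], opts


def matches_tcp_syn(opts):
    """True for a rule that matches new TCP connections (--syn or equivalent --tcp-flags)."""
    if opts.get("-p") != "tcp":
        return False
    if "--syn" in opts:
        return True
    flags = opts.get("--tcp-flags")
    return isinstance(flags, tuple) and flags[1] == "SYN"


def audit(text, iface=VM_IFACE, trans_port=TRANS_PORT, dns_port=DNS_PORT):
    """Return a list of findings; an empty list means no leak path was found."""
    findings = []
    tcp_redirect = dns_redirect = forward_drop = input_drop = False
    for table, chain, o in parse_rules(text):
        if o.get("-i") != iface:
            continue
        if table == "nat" and chain == "PREROUTING" and o.get("-j") == "REDIRECT":
            if matches_tcp_syn(o) and o.get("--to-ports") == str(trans_port):
                tcp_redirect = True
            if o.get("-p") == "udp" and o.get("--dport") == "53" and o.get("--to-ports") == str(dns_port):
                dns_redirect = True
        elif table == "filter" and chain == "FORWARD":
            if o.get("-j") == "ACCEPT":
                findings.append("FORWARD accepts traffic from %s: the VM can reach the network outside Tor" % iface)
            elif o.get("-j") == "DROP" and "-p" not in o:
                forward_drop = True
        elif table == "filter" and chain == "INPUT" and o.get("-j") == "DROP" and "-p" not in o:
            input_drop = True
    if not tcp_redirect:
        findings.append("no REDIRECT of TCP SYN from %s to TransPort %d" % (iface, trans_port))
    if not dns_redirect:
        findings.append("no REDIRECT of UDP/53 from %s to DNSPort %d: DNS queries leak past Tor" % (iface, dns_port))
    if not forward_drop:
        findings.append("no catch-all DROP in FORWARD for %s" % iface)
    if not input_drop:
        findings.append("no catch-all DROP in INPUT for %s: unredirected protocols reach host services" % iface)
    return findings


if __name__ == "__main__":
    for name, rules in (("good", GOOD_RULES), ("leaky", LEAKY_RULES)):
        print(name, audit(rules) or ["OK"])
```

The check is deliberately pessimistic: a protocol that is neither redirected nor dropped (UDP other than DNS, ICMP) counts as a finding, because anything that reaches the host's own stack or is forwarded carries the host's address, not a Tor exit's.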
  14. Tails Virtual Machine
  15. Open-Source Intelligence
     • Collection and analysis of information gathered from publicly available sources
     • Sources involve any form of electronic or printed material available in the public domain
     • Intelligence is obtained through the statistical analysis of the occurrence of, and relationships between, pieces of information
  16. Tools and Techniques for OSINT
     • Collection Tools
     • Search Engines
     • Social Media
     • Intelligence Sources
  17. Collection Tools
     • Paterva/Maltego
     • Recorded Future
  18. Maltego
  19. Recorded Future
  20. Search Engines
     • Google Custom Searches
     • iSeek
     • Addict-o-matic
     • Shodan
  21. Google Custom Search
  22. Google Custom Search
  23. iSeek
  24. Addict-o-matic
  25. Shodan
  26. Social Media
     • Facebook
     • Twitter
     • Google+
  27. Dump Sites
     • Pastebin
     • Reddit
     • AnonPaste
     • PirateBay
     • Zone-H
     • Pastie
  28. Honey Pots and Nets
     • Provide an automated method for distributed traffic analysis
     • Provide early signs of malware or botnet activity
  29. Intelligence Sources
     • Cyber War News
     • The Hacker News
     • Darkreading.com
     • FirstHackNews
  30. Shared Intelligence
     • Intelligence Sharing Organizations
     • Intelligence Assimilation and Sharing Applications
  31. Intelligence Sharing Organizations
  32. Intelligence Assimilation and Sharing Applications
     • Structured Threat Information eXpression (STIX)
     • Trusted Automated eXchange of Indicator Information (TAXII)
     • Common Attack Pattern Enumeration and Classification (CAPEC)
  33. Intelligence in Depth
     • Intelligence research and analysis should be practiced with the idea of “defense in depth”
     • Valid, actionable predictions can only be made through the collective analysis of multiple sources
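Slides 6, 15 and 33 describe the analytic core of the talk: indicators gathered from many sources are weighed by how many independent origins report them, single-source items are held back as possible injected disinformation, and the result is shared in a structured format such as STIX (slide 32). The block below is an added example, not material from the deck or from Solutionary. The feed records, source names, the mirror relationship and the indicator values are constructed (TEST-NET addresses and .invalid domains), and the export uses STIX 2.1 JSON, a later revision of STIX than the 2013 deck had in view.

```python
"""Corroborate OSINT indicators across sources and export survivors as STIX 2.1.

Added example, not from the slide deck. Feed records, source names and the
mirror relationship are constructed. An indicator is treated as actionable
only when at least two independent origins report it; sources known to
republish another feed verbatim count as that feed, not as a second vote.
"""
import json
import uuid
from collections import defaultdict
from datetime import datetime, timezone

# Constructed feed records: (source, STIX object type, value). Addresses are
# from TEST-NET ranges and domains use .invalid, so none refer to real hosts.
RECORDS = [
    ("paste-feed",      "ipv4-addr",   "203.0.113.10"),
    ("honeynet",        "ipv4-addr",   "203.0.113.10"),
    ("news-aggregator", "ipv4-addr",   "203.0.113.10"),
    ("paste-feed",      "domain-name", "login-example.invalid"),
    ("paste-mirror",    "domain-name", "login-example.invalid"),  # republished copy
    ("honeynet",        "ipv4-addr",   "198.51.100.7"),
    ("news-aggregator", "domain-name", "update-example.invalid"),
]

# Sources that mirror another source verbatim are collapsed onto the original.
MIRRORS = {"paste-mirror": "paste-feed"}


def independent_origins(records, mirrors=MIRRORS):
    """Map (type, value) -> set of independent origins that reported it."""
    seen = defaultdict(set)
    for source, itype, value in records:
        seen[(itype, value)].add(mirrors.get(source, source))
    return seen


def corroborated(records, min_sources=2, mirrors=MIRRORS):
    """Indicators reported by at least `min_sources` independent origins."""
    return {k: sorted(v) for k, v in independent_origins(records, mirrors).items()
            if len(v) >= min_sources}


def unconfirmed(records, mirrors=MIRRORS):
    """Single-origin indicators: hold back as possible disinformation until validated."""
    return sorted(k for k, v in independent_origins(records, mirrors).items() if len(v) < 2)


def stix_pattern(itype, value):
    """STIX 2.1 pattern for a single-value observable such as ipv4-addr or domain-name."""
    return "[%s:value = '%s']" % (itype, value)


def to_stix_bundle(corroborated_map, now=None):
    """Build a STIX 2.1 bundle with one indicator per corroborated item; the
    contributing origins are recorded in the description for provenance."""
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    objects = []
    for (itype, value), sources in sorted(corroborated_map.items()):
        objects.append({
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--" + str(uuid.uuid4()),
            "created": ts,
            "modified": ts,
            "name": "%s %s" % (itype, value),
            "description": "Corroborated by: " + ", ".join(sources),
            "indicator_types": ["malicious-activity"],
            "pattern": stix_pattern(itype, value),
            "pattern_type": "stix",
            "valid_from": ts,
        })
    return {"type": "bundle", "id": "bundle--" + str(uuid.uuid4()), "objects": objects}


if __name__ == "__main__":
    print("held for validation:", unconfirmed(RECORDS))
    print(json.dumps(to_stix_bundle(corroborated(RECORDS)), indent=2))
```

The MIRRORS table is what makes the source count meaningful: without it the pasted domain that appears on two feeds would look corroborated even though both copies trace to one origin, which is exactly the disinformation path slide 6 warns about. The threshold `min_sources` is a tuning knob; raise it for feeds known to copy one another.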
  34. Solutionary’s 2013 Global Threat Intelligence Report: http://go.solutionary.com/GTIR.html
     Solutionary Minds Blog: http://www.solutionary.com/resourcecenter/blog/
  35. Thank You. Questions?
