Incorporating Threat Intelligence into Your
Enterprise Communications Systems
Solomon Sonya
Overview
• About Me
• Background
• Understand need and use of Threat Intelligence
• Construct Threat Intelligence Engine
Background
• Computer attacks continue to increase in prevalence and sophistication
• What have we done to meet these threats?
– Signature-Based Detection
– Anomaly/Heuristic-Based Detection
Old Methods Have Failed or Remain Inadequate…
• Signature-based detection has long failed
– Too easy to bypass
– Re-compile the binary: new signature needed
– Encode, encrypt, obfuscate
• Anomaly/heuristics-based detection is headed in the right direction… but still has its drawbacks
– Needs a baseline
– Needs training
– Too noisy… ‘the boy who cried wolf’
– Too lax… ‘everyone is welcome!’
A New Paradigm is Required!
• What is Intelligence-Based Security (Threat Intelligence)?
– Many definitions exist
– Avoid the noise
– Simply: the amalgamation and analysis of data to produce Actionable Intelligence regarding a likely threat or attack
• Actionable Intelligence allows us to make a decision regarding the security of our enterprise
• There is still a difference between threat data and threat intelligence: a raw domain or hash becomes intelligence only once analysis ties it to a likely threat
How did I arrive at IBS?
• As a defender, I conduct err… research network attacks (truly the best way to defend is to master exploitation)
• There are times when I need a new, convincing domain (burner-domain) for the attack
• I’ve found some enterprises may institute additional blocks based on domains (new domains increase likelihood of attack)
• Thus I’d like to have my domains active for a long period of time
• A few weeks ago, I was shocked to discover I own over 40+ domains (no big deal… but still… wow!)
• Now if I were to purchase a new domain, I would probably use the same methods (because it works and I am most familiar with it!)
PUNT! Let’s take a look at the Attack Methodology again…
• What are the common phases? (old method btw)
– Recon (Diverge)
– Scan (Converge)
– Penetration (Converge)
– Maintain Access (Converge)
– Cover Tracks (Diverge)
Briefly – Common Tools
• Recon (Diverge)
• Scanning (Converge)
– Nmap, SuperScan?, Nessus, Nexpose, Nikto…
• Penetration (Converge)
– Armitage, Metasploit, Cobalt Strike, SET…
• Etc…
Please Don Your Blue Hat Now…
• You are now the security defender of your
enterprise
• You protect your computers and the network
• A scan reveals the following tools installed on a machine
– Wireshark, Kismet, Ettercap, ALFA card drivers, NetStumbler, Dsniff, Aircrack-ng suite, THC Hydra, NetworkMiner, etc.
• What can we conclude about this system?
Convergence of Evidence
• In the previous case, assuming the computer wasn’t breached (its owner installed the tools), we may conclude it is to be used for wireless and network penetration
• No single tool proves that; the combination does. We reached the conclusion via Convergence of Evidence
– “Evidence from multiple independent sources can converge into a single, most likely conclusion”
Predicting Today’s and Yester-year’s Threats?
• What strategies do we employ?
– AV?
– IDS?
– IPS?
– Firewalls?
– Blacklists?
– Whitelists?
• All of these match what has already been seen. So what of new campaigns with never-before-witnessed domains?
• With TI, I’m not concerned with protecting against yesterday’s threats… but tomorrow’s, using what I learned today
Predicting Tomorrow’s Threats…
• What if you are the defender of the net and you deploy your protection strategy…
• Given a new domain, never seen before, how do we know if it could be malicious? What conclusions can we make?
tkggvtqvj.org ngzuuazhj.cn ndnroawwps.cn
yqdqyntx.com zjjcnghtssj.com rpyaqstbi.net
uvcaylkgdpg.biz esebr.cc lrrmirop.net
vzcocljtfi.biz jygfwxz.info tpcppmxwv.info
wojpnhwk.cc ayrrajawlx.com ztoohkug.com
plrjgcjzf.net byymd.cc cxtjlsahcy.biz
qegiche.ws uixaky.ws tbjwzo.org
ylktrupygmp.cc weafo.biz bcipb.org
ovdbkbanqw.com qocrpt.ws izcbraikou.org
What Can We Learn?
• At one time, most of these domains existed (were registered)
• Could be DGAs (output of a domain generation algorithm): long, vowel-poor labels with no dictionary words
• Correlation analysis of the registrations:
– Creation Date: 2009-12-22
– Owner Address: Afilias Array Dublin 24 IE
– Owner Email: “B” or cflicker@live.com
– Owner Phone: +1.2023243000
– Name Server: ns.cwgsh.com, ns.cwgsh.net, ns.cwgsh.org
• We might have found an Indicator of Compromise: attributes shared across the set that a future, never-seen domain can be matched against
Indicators of Compromise
• An Indicator of Compromise (IOC) is an artifact (or group of artifacts) that, if observed, yields knowledge of the presence of an infection or exfiltration
• Via Convergence, understanding the correct data points allows us to detect not only yesterday’s threats but to predict the likelihood of tomorrow’s attacks
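The reasoning the last three slides apply by hand to the domain list, as an added Python example (this is not the Excalibur engine from the talk): the lexical shape of the domain label is one evidence source, the registration attributes reported on the “What Can We Learn?” slide are a second, independent source, and a verdict requires both to converge, in the same way the Convergence of Evidence slide reasons from a list of installed tools rather than from any one of them. The WHOIS-style records in SAMPLE_WHOIS are constructed for the example, not real lookup results; corp-mail-portal.com is a constructed benign control; the lexical thresholds (vowel ratio below 0.30, a consonant run of four or more) are assumptions chosen for illustration.

```python
"""Convergence of Evidence for never-before-seen domains.

Added example (not the talk's Excalibur code). Two independent evidence
sources are converged: lexical features of the domain label and
registration attributes matching those reported on the slide.
"""
import math
from collections import Counter
from typing import Optional

VOWELS = set("aeiou")

# Domain list as printed on the "Predicting Tomorrow's Threats" slide.
SLIDE_DOMAINS = [
    "tkggvtqvj.org", "ngzuuazhj.cn", "ndnroawwps.cn", "yqdqyntx.com",
    "zjjcnghtssj.com", "rpyaqstbi.net", "uvcaylkgdpg.biz", "esebr.cc",
    "lrrmirop.net", "vzcocljtfi.biz", "jygfwxz.info", "tpcppmxwv.info",
    "wojpnhwk.cc", "ayrrajawlx.com", "ztoohkug.com", "plrjgcjzf.net",
    "byymd.cc", "cxtjlsahcy.biz", "qegiche.ws", "uixaky.ws", "tbjwzo.org",
    "ylktrupygmp.cc", "weafo.biz", "bcipb.org", "ovdbkbanqw.com",
    "qocrpt.ws", "izcbraikou.org",
]

# Registration attributes the "What Can We Learn?" slide reports as shared.
SHARED_INDICATORS = {
    "creation_date": {"2009-12-22"},
    "registrant_email": {"cflicker@live.com"},
    "name_server": {"ns.cwgsh.com", "ns.cwgsh.net", "ns.cwgsh.org"},
}

# Constructed WHOIS-style records for the example: NOT real lookup results.
# corp-mail-portal.com is a constructed benign control.
SAMPLE_WHOIS = {
    "tkggvtqvj.org": {"creation_date": "2009-12-22",
                      "registrant_email": "cflicker@live.com",
                      "name_server": ["ns.cwgsh.com", "ns.cwgsh.net"]},
    "weafo.biz": {"creation_date": "2009-12-22",
                  "registrant_email": "B",
                  "name_server": ["ns.cwgsh.org"]},
    "corp-mail-portal.com": {"creation_date": "2004-03-09",
                             "registrant_email": "hostmaster@corp-mail-portal.com",
                             "name_server": ["ns1.corp-mail-portal.com"]},
}


def second_level_label(domain: str) -> str:
    """'tkggvtqvj.org' -> 'tkggvtqvj' (public-suffix handling is out of scope)."""
    return domain.lower().rstrip(".").split(".")[0]


def shannon_entropy(text: str) -> float:
    """Bits per character; reported for context, not used in the verdict."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def lexical_evidence(domain: str) -> list:
    """Source 1: does the label look machine-generated? Thresholds (vowel
    ratio < 0.30, consonant run >= 4) are assumptions chosen for illustration."""
    label = second_level_label(domain)
    letters = [ch for ch in label if ch.isalpha()]
    reasons = []
    if letters:
        vowel_ratio = sum(ch in VOWELS for ch in letters) / len(letters)
        if vowel_ratio < 0.30:
            reasons.append(f"vowel ratio {vowel_ratio:.2f} < 0.30")
    run = longest = 0
    for ch in label:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        longest = max(longest, run)
    if longest >= 4:
        reasons.append(f"consonant run of {longest}")
    return reasons


def registration_evidence(record: dict) -> list:
    """Source 2: does the registration share an attribute with the known set?"""
    reasons = []
    for field, bad_values in SHARED_INDICATORS.items():
        observed = record.get(field, [])
        if isinstance(observed, str):
            observed = [observed]
        hits = sorted(set(observed) & bad_values)
        if hits:
            reasons.append(f"{field} matches {', '.join(hits)}")
    return reasons


def assess(domain: str, whois: Optional[dict] = None) -> dict:
    """Converge the sources: 'likely malicious' only when BOTH independent
    sources contribute; a single source alone yields 'suspicious'."""
    lexical = lexical_evidence(domain)
    registration = registration_evidence(whois or {})
    sources = bool(lexical) + bool(registration)
    verdict = ("no indicator", "suspicious", "likely malicious")[sources]
    return {"domain": domain, "verdict": verdict, "lexical": lexical,
            "registration": registration,
            "entropy": round(shannon_entropy(second_level_label(domain)), 2)}


if __name__ == "__main__":
    for name in SLIDE_DOMAINS + ["corp-mail-portal.com"]:
        result = assess(name, SAMPLE_WHOIS.get(name))
        print(f"{result['domain']:22} {result['verdict']:17} "
              f"{'; '.join(result['lexical'] + result['registration'])}")
```

Note the two directions the convergence rule cuts. weafo.biz is pronounceable and passes the lexical test, yet its (constructed) registration shares the campaign’s name server and creation date, so it is still surfaced; tkggvtqvj.org with no registration data at all stays at “suspicious” rather than being blocked on gibberish alone. Several of the slide’s domains (ngzuuazhj.cn, uixaky.ws) pass the lexical test entirely, which is exactly why the registration pivot, not the label shape, is the indicator worth keeping.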
Building the TIE
• Data + Analysis → Knowledge and Intelligence
• How much Data??? → LOTS!!!
• Excalibur calls these DDS (Disparate Data Sources)
• Different Types
• Different Analysis (Offline and Live/Online)
• Reaping/Harvesting
• Converting non-structured into structured data (normalizing)
• Data Analysis
• Database Programming
Reaping Gotchas
• Non-structured data (every source formats it differently)
Analyze the Site
• Understand how to automate the requests
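The reap, normalize and store steps of the “Building the TIE” and “Reaping Gotchas” slides, carried through as an added Python example (this is not Excalibur’s code). Two disparate sources are reaped: a registrar-style key/value text dump and a sandbox-style JSON report. Both inputs are constructed stand-ins (the text is modelled on the values reported on the “What Can We Learn?” slide; the JSON layout and its field names are assumptions invented for the example, and cdn.example-benign.net is a constructed benign host). Each is normalized into one schema, loaded into SQLite with parameterized inserts, and then pivoted on shared name servers, which is the query a defender runs when a never-seen domain arrives.

```python
# Added example (not Excalibur's code): reap two differently shaped sources
# into one normalized store and pivot on shared infrastructure.
import json
import re
import sqlite3

# Constructed registrar-style text, modelled on the slide's reported values.
RAW_WHOIS = """\
Domain Name: TKGGVTQVJ.ORG
Creation Date: 2009-12-22T00:00:00Z
Registrant Email: cflicker@live.com
Name Server: NS.CWGSH.COM
Name Server: NS.CWGSH.NET
"""
# Constructed sandbox-style JSON; the field names are assumptions for the example.
RAW_SANDBOX_JSON = json.dumps({"network": {"dns": [
    {"hostname": "weafo.biz", "nameservers": ["ns.cwgsh.org"]},
    {"hostname": "cdn.example-benign.net", "nameservers": ["ns1.example-benign.net"]},
]}})

SCHEMA = """
CREATE TABLE domain (name TEXT PRIMARY KEY, source TEXT NOT NULL,
                     created TEXT, registrant_email TEXT);
CREATE TABLE name_server (domain TEXT NOT NULL REFERENCES domain(name),
                          ns TEXT NOT NULL, PRIMARY KEY (domain, ns));
"""
KV_LINE = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s*(.+?)\s*$")


def normalize_host(host: str) -> str:
    """Case and trailing-dot differences are the most common reaping gotcha."""
    return host.strip().lower().rstrip(".")


def parse_whois_text(text: str) -> list:
    """Unstructured key/value text -> one normalized record. Registrars label
    fields differently, so only the keys we know are mapped."""
    fields, name_servers = {}, []
    for line in text.splitlines():
        match = KV_LINE.match(line)
        if not match:
            continue
        key, value = match.group(1).lower(), match.group(2)
        if key == "name server":
            name_servers.append(normalize_host(value))
        else:
            fields[key] = value
    if "domain name" not in fields:
        raise ValueError("record has no Domain Name field")
    return [{"name": normalize_host(fields["domain name"]), "source": "whois",
             "created": fields.get("creation date", "")[:10] or None,  # YYYY-MM-DD
             "registrant_email": fields.get("registrant email", "").lower() or None,
             "name_servers": name_servers}]


def parse_sandbox_json(text: str) -> list:
    """Structured but differently shaped source -> the same record schema."""
    entries = json.loads(text).get("network", {}).get("dns", [])
    return [{"name": normalize_host(e["hostname"]), "source": "sandbox",
             "created": None, "registrant_email": None,
             "name_servers": [normalize_host(n) for n in e.get("nameservers", [])]}
            for e in entries]


def load(conn: sqlite3.Connection, records: list) -> None:
    """Parameterized inserts: reaped values are data, never spliced into SQL.
    A domain seen by several sources keeps its first record (INSERT OR IGNORE)."""
    for rec in records:
        conn.execute("INSERT OR IGNORE INTO domain VALUES (?, ?, ?, ?)",
                     (rec["name"], rec["source"], rec["created"], rec["registrant_email"]))
        conn.executemany("INSERT OR IGNORE INTO name_server VALUES (?, ?)",
                         [(rec["name"], ns) for ns in rec["name_servers"]])
    conn.commit()


def build_store() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    load(conn, parse_whois_text(RAW_WHOIS) + parse_sandbox_json(RAW_SANDBOX_JSON))
    return conn


def pivot_on_name_server(conn: sqlite3.Connection, pattern: str) -> list:
    """Every domain, from any source, whose name server matches a LIKE pattern."""
    return conn.execute(
        "SELECT d.name, d.source, n.ns FROM domain d "
        "JOIN name_server n ON n.domain = d.name "
        "WHERE n.ns LIKE ? ORDER BY d.name, n.ns", (pattern,)).fetchall()


if __name__ == "__main__":
    for name, source, ns in pivot_on_name_server(build_store(), "ns.cwgsh.%"):
        print(f"{name:24} via {source:8} {ns}")
```

Two points of design. The parsers raise on a record with no domain name rather than silently storing an empty row, because a reaper that keeps running on garbage is how a store fills with unusable rows; and every reaped value reaches SQLite only as a bound parameter, since WHOIS text and sandbox output are attacker-influenced input and a TIE that builds queries by string concatenation is itself injectable.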
Demo
http://logout.hu/dl/upc/2011-06/230806_gremlin_in_my_computer-lyvind_berget.jpg, Retrieved 17 Sep 13
Special Thanks
• TakeDownCon
• VirusTotal
• Malwr.com
• Mr. Suhail “The Boss”
• Dhia Mohjoub (@DhiaLite)
• Andrew Morris and Animus (@andrew__morris)
• Kevin Cooper (@Imp3rialCooper)
• Dan Gunter
Contact Me
• Solomon Sonya
• excaliburtie@gmail.com
• @Carpenter1010

More Related Content

Similar to Incorporating Threat Intelligence into Your Enterprise Communications Systems - Solomon Sonya

Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Alex Pinto
 
ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011Xavier Mertens
 
Information Security: Advanced SIEM Techniques
Information Security: Advanced SIEM TechniquesInformation Security: Advanced SIEM Techniques
Information Security: Advanced SIEM TechniquesReliaQuest
 
DEF CON 27 - workshop - KRISTY WESTPHAL - analysis 101
DEF CON 27 - workshop - KRISTY WESTPHAL - analysis 101DEF CON 27 - workshop - KRISTY WESTPHAL - analysis 101
DEF CON 27 - workshop - KRISTY WESTPHAL - analysis 101Felipe Prado
 
Hunting before a Known Incident
Hunting before a Known IncidentHunting before a Known Incident
Hunting before a Known IncidentEndgameInc
 
44CON @ IPexpo - You're fighting an APT with what exactly?
44CON @ IPexpo - You're fighting an APT with what exactly?44CON @ IPexpo - You're fighting an APT with what exactly?
44CON @ IPexpo - You're fighting an APT with what exactly?44CON
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Claus Cramon Houmann
 
Fun with Application Security
Fun with Application SecurityFun with Application Security
Fun with Application SecurityBruce Abernethy
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSECSean Whalen
 
honeypots.ppt
honeypots.ppthoneypots.ppt
honeypots.pptDetSersi
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Claus Cramon Houmann
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent ThreatsESET
 
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecuritySpecial Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecurityMichael Rushanan
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer SecurityVibrant Event
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Vibrant Event
 

Similar to Incorporating Threat Intelligence into Your Enterprise Communications Systems - Solomon Sonya (20)

Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
 
ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011
 
Drop, Stop & Roll
Drop, Stop & RollDrop, Stop & Roll
Drop, Stop & Roll
 
Information Security: Advanced SIEM Techniques
Information Security: Advanced SIEM TechniquesInformation Security: Advanced SIEM Techniques
Information Security: Advanced SIEM Techniques
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
DEF CON 27 - workshop - KRISTY WESTPHAL - analysis 101
DEF CON 27 - workshop - KRISTY WESTPHAL - analysis 101DEF CON 27 - workshop - KRISTY WESTPHAL - analysis 101
DEF CON 27 - workshop - KRISTY WESTPHAL - analysis 101
 
Hunting before a Known Incident
Hunting before a Known IncidentHunting before a Known Incident
Hunting before a Known Incident
 
44CON @ IPexpo - You're fighting an APT with what exactly?
44CON @ IPexpo - You're fighting an APT with what exactly?44CON @ IPexpo - You're fighting an APT with what exactly?
44CON @ IPexpo - You're fighting an APT with what exactly?
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015
 
Fun with Application Security
Fun with Application SecurityFun with Application Security
Fun with Application Security
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSEC
 
Super1
Super1Super1
Super1
 
honeypots.ppt
honeypots.ppthoneypots.ppt
honeypots.ppt
 
Janitor vs cleaner
Janitor vs cleanerJanitor vs cleaner
Janitor vs cleaner
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent Threats
 
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecuritySpecial Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
 
Regan, Keller, SF State Securing the vendor mr&ak
Regan, Keller, SF State Securing the vendor mr&akRegan, Keller, SF State Securing the vendor mr&ak
Regan, Keller, SF State Securing the vendor mr&ak
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer Security
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security
 

More from EC-Council

CyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber WorldCyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber WorldEC-Council
 
Cloud Security Architecture - a different approach
Cloud Security Architecture - a different approachCloud Security Architecture - a different approach
Cloud Security Architecture - a different approachEC-Council
 
Phases of Incident Response
Phases of Incident ResponsePhases of Incident Response
Phases of Incident ResponseEC-Council
 
Weaponizing OSINT – Hacker Halted 2019 – Michael James
 Weaponizing OSINT – Hacker Halted 2019 – Michael James  Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James EC-Council
 
Hacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith TurpinHacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith TurpinEC-Council
 
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
Hacking Diversity – Hacker Halted . 2019 – Marcelle LeeHacking Diversity – Hacker Halted . 2019 – Marcelle Lee
Hacking Diversity – Hacker Halted . 2019 – Marcelle LeeEC-Council
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverCloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverEC-Council
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...EC-Council
 
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea AmicoData in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea AmicoEC-Council
 
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel NaderBreaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel NaderEC-Council
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanAre your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanEC-Council
 
War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019EC-Council
 
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...EC-Council
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019  –  Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019  –  Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...EC-Council
 
Alexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes WidnerAlexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes WidnerEC-Council
 
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law EnforcementHacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law EnforcementEC-Council
 
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...EC-Council
 
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...EC-Council
 
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...EC-Council
 
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...EC-Council
 

More from EC-Council (20)

CyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber WorldCyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber World
 
Cloud Security Architecture - a different approach
Cloud Security Architecture - a different approachCloud Security Architecture - a different approach
Cloud Security Architecture - a different approach
 
Phases of Incident Response
Phases of Incident ResponsePhases of Incident Response
Phases of Incident Response
 
Weaponizing OSINT – Hacker Halted 2019 – Michael James
 Weaponizing OSINT – Hacker Halted 2019 – Michael James  Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James
 
Hacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith TurpinHacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith Turpin
 
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
Hacking Diversity – Hacker Halted . 2019 – Marcelle LeeHacking Diversity – Hacker Halted . 2019 – Marcelle Lee
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverCloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
 
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea AmicoData in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico
 
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel NaderBreaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanAre your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
 
War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019
 
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019  –  Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019  –  Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
 
Alexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes WidnerAlexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes Widner
 
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law EnforcementHacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
 
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
 
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
 
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
 
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
 

Recently uploaded

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 

Recently uploaded (20)

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Histor y of HAM Radio presentation slide

Incorporating Threat Intelligence into Your Enterprise Communications Systems - Solomon Sonya

1. Incorporating Threat Intelligence into Your Enterprise Communications Systems
Solomon Sonya

2. Overview
• About Me
• Background
• Understand the need for and use of Threat Intelligence
• Construct a Threat Intelligence Engine

3. Background
• Computer attacks continue to increase in prevalence and sophistication
• What have we done to meet these threats?
– Signature-Based Detection
– Anomaly/Heuristic-Based Detection

4. Old Methods Have Failed or Remain Inadequate…
• Signature-based detection has long failed
– Too easy to bypass
– Re-compile, new signature
– Encode, Encrypt, Obfuscate
• Anomaly/Heuristics-based detection is headed in the right direction… but still has its drawbacks
– Baseline
– Training
– Too noisy… ‘the boy who cried wolf’
– Too lax… ‘everyone is welcomed!’

5. A New Paradigm is Required!
• What is Intelligence-Based Security (Threat Intelligence)?
– Many definitions exist
– Avoid the noise
– Simply: the amalgamation and analysis of data to produce Actionable Intelligence regarding a likely threat or attack
• Actionable Intelligence allows us to make a decision regarding the security of our enterprise
• There is still a difference between threat data and threat intelligence

6. How did I arrive at IBS?
• As a defender, I conduct err… research network attacks (truly the best way to defend is to master exploitation)
• There are times when I need a new, convincing domain (burner domain) for the attack
• I’ve found some enterprises may institute additional blocks based on domains (new domains increase the likelihood of attack)
• Thus I’d like to have my domains active for a long period of time
• A few weeks ago, I was shocked to discover I own over 40+ domains (no big deal… but still… wow!)
• Now if I were to purchase a new domain, I would probably use the same methods (because it works and I am most familiar with it!)

7. PUNT! Let’s take a look at the Attack Methodology again…
• What are the common phases? (old method btw)
– Recon (Diverge)
– Scan (Converge)
– Penetration (Converge)
– Maintain Access (Converge)
– Cover Tracks (Diverge)

8. Briefly – Common Tools
• Recon (Diverge)
• Scanning (Converge)
– Nmap, Superscan?, Nessus, Nexpose, Nikto…
• Penetration (Converge)
– Armitage, Metasploit, CobaltStrike, SET…
• Etc…

9. Please Don Your Blue Hat Now…
• You are now the security defender of your enterprise
• You protect your computers and the network
• A scan reveals the following tools installed on a machine
– Wireshark, Kismet, Ettercap, ALFA card drivers, NetStumbler, Dsniff, Aircrack-ng suite, THC Hydra, NetworkMiner, etc.
• What can we conclude about this system?

10. Convergence of Evidence
• In the previous case, assuming the computer wasn’t breached, we may conclude it is to be used for wireless and network penetration
• We did this via Convergence of Evidence
– “Evidence from multiple independent sources can converge into a single, most likely conclusion”

11. Predicting Today’s and Yester-year’s Threats?
• What strategies do we employ?
– AV?
– IDS?
– IPS?
– Firewalls?
– Blacklists?
– Whitelists?
• And so what of new campaigns with never-before-witnessed domains?
• With TI, I’m not concerned with protecting against yesterday’s threats… but tomorrow’s, using what I learned today

12. Predicting Tomorrow’s Threats…
• What if you are the defender of the net and you deploy your protection strategy…
• Given a new domain, never seen before, how do we know if it could be malicious? What conclusions can we make?
tkggvtqvj.org ngzuuazhj.cn ndnroawwps.cn yqdqyntx.com zjjcnghtssj.com rpyaqstbi.net uvcaylkgdpg.biz esebr.cc lrrmirop.net vzcocljtfi.biz jygfwxz.info tpcppmxwv.info wojpnhwk.cc ayrrajawlx.com ztoohkug.com plrjgcjzf.net byymd.cc cxtjlsahcy.biz qegiche.ws uixaky.ws tbjwzo.org ylktrupygmp.cc weafo.biz bcipb.org ovdbkbanqw.com qocrpt.ws izcbraikou.org

13. What Can We Learn?
• At one time, most of these existed
• Could be DGAs (domain generation algorithm output)
• Correlation analysis:
– Creation Date: 2009-12-22
– Owner Address: Afilias Array Dublin 24 IE
– Owner Email: “B” or cflicker@live.com
– Owner Phone: +1.2023243000
– Name Server: ns.cwgsh.com, ns.cwgsh.net, ns.cwgsh.org
• We might have found an Indicator of Compromise

14. Indicators of Compromise
• An Indicator of Compromise (IOC) is an artifact (or group of artifacts) that, if observed, can yield knowledge of the presence of infection/exfiltration
• Via Convergence, understanding the correct data points can allow us to detect not only yesterday’s threats, but predict the likelihood of tomorrow’s attacks

15. Building the TIE
• Data + Analysis → Knowledge and Intelligence
• How much Data??? → LOTS!!!
• Excalibur calls these DDS (Disparate Data Sources)
• Different Types
• Different Analysis (Offline and Live/Online)
• Reaping/Harvesting
• Converting non-structured into structured data (normalizing)
• Data Analysis
• Database Programming

16. Reaping Gotchas
• Non-structured (everyone is different)

17. Analyze the Site
• Understand how to automate the requests
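The following is an added worked example, not code from the talk or from the Excalibur TIE, that ties slides 12 through 17 together in a toy engine: it normalizes WHOIS text in two deliberately different layouts into structured records (slides 15 and 16), scores each domain label from slide 12 by convergence of three independent lexical signals, and then pivots on registration artifacts shared across domains so that a name that looks harmless on its own (esebr.cc, for instance) inherits suspicion from the registrant email, name server and creation date it shares with names that do look generated (slides 13 and 14). Every WHOIS value below (emails, name servers, dates) is a constructed placeholder; the thresholds are assumptions chosen for illustration, not tuned detector settings.

```python
"""Toy threat-intelligence engine (added illustration; not the talk's code).
(1) normalize differently formatted WHOIS text into structured records,
(2) score domain labels for DGA-likeness by convergence of lexical signals,
(3) pivot on shared registration artifacts to surface candidate IOCs.
All WHOIS values here are constructed placeholders, not real registrations."""
import math
import re
from collections import defaultdict

# Domain names quoted on slide 12, plus well-known benign names as a sanity check.
SLIDE12_DOMAINS = [
    "tkggvtqvj.org", "ngzuuazhj.cn", "ndnroawwps.cn", "yqdqyntx.com",
    "zjjcnghtssj.com", "rpyaqstbi.net", "uvcaylkgdpg.biz", "esebr.cc",
]
BENIGN_DOMAINS = ["google.com", "wikipedia.org", "microsoft.com", "github.com"]

# Constructed WHOIS output in two layouts ("everyone is different", slide 16).
WHOIS_SAMPLES = [
    "Domain Name: TKGGVTQVJ.ORG\nCreation Date: 2009-12-22\n"
    "Registrant Email: placeholder-registrant@example.invalid\n"
    "Name Server: NS.PLACEHOLDER-NS.EXAMPLE\nName Server: NS2.PLACEHOLDER-NS.EXAMPLE\n",
    "domain:      ngzuuazhj.cn\nregistered:  22-12-2009\n"
    "e-mail:      placeholder-registrant@example.invalid\n"
    "nserver:     ns.placeholder-ns.example\n",
    "Domain Name: YQDQYNTX.COM\nCreation Date: 2009-12-22\n"
    "Registrant Email: placeholder-registrant@example.invalid\n"
    "Name Server: NS.PLACEHOLDER-NS.EXAMPLE\n",
    "domain:      esebr.cc\nregistered:  22-12-2009\n"
    "e-mail:      placeholder-registrant@example.invalid\n"
    "nserver:     ns.placeholder-ns.example\n",
    "Domain Name: GITHUB.COM\nCreation Date: 2001-01-01\n"
    "Registrant Email: placeholder-other@example.invalid\n"
    "Name Server: NS.PLACEHOLDER-OTHER.EXAMPLE\n",
]

FIELD_ALIASES = {  # raw key (lower-cased) -> canonical field name
    "domain name": "domain", "domain": "domain",
    "creation date": "created", "registered": "created", "created on": "created",
    "registrant email": "email", "e-mail": "email", "admin email": "email",
    "name server": "nameserver", "nserver": "nameserver",
}
VOWELS = set("aeiou")


def normalize_whois(raw: str) -> dict:
    """Turn one raw WHOIS blob into a record with canonical keys and ISO dates."""
    record = {"nameservers": []}
    for line in raw.splitlines():
        key, sep, value = line.partition(":")
        canon, value = FIELD_ALIASES.get(key.strip().lower()), value.strip().lower()
        if not sep or canon is None or not value:
            continue
        if canon == "nameserver":
            record["nameservers"].append(value)
        else:
            record[canon] = value
    m = re.fullmatch(r"(\d{2})-(\d{2})-(\d{4})", record.get("created", ""))
    if m:  # DD-MM-YYYY -> YYYY-MM-DD so dates from different registries compare equal
        record["created"] = f"{m.group(3)}-{m.group(2)}-{m.group(1)}"
    return record


def shannon_entropy(text: str) -> float:
    """Bits per character; random-looking labels score higher than real words."""
    n = len(text)
    return 0.0 if n == 0 else -sum(
        text.count(c) / n * math.log2(text.count(c) / n) for c in set(text))


def lexical_signals(domain: str) -> dict:
    """Three independent weak signals on the label (assumes 'label.tld' shape;
    multi-part suffixes such as co.uk are not handled). Thresholds are assumed."""
    label = domain.lower().split(".")[0]
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", label)), default=0)
    return {"high_entropy": shannon_entropy(label) > 3.0,
            "few_vowels": vowel_ratio < 0.25,
            "long_consonant_run": longest_run >= 4}


def lexical_score(domain: str) -> int:
    """Number of signals that fire; two or more converging is treated as suspicious."""
    return sum(lexical_signals(domain).values())


def shared_artifacts(records: list, min_domains: int = 3) -> dict:
    """Artifacts (email, creation date, name server) shared by min_domains or more
    domains; each one is a candidate IOC worth pivoting on."""
    by_artifact = defaultdict(set)
    for rec in records:
        if not rec.get("domain"):
            continue
        for field in ("email", "created"):
            if rec.get(field):
                by_artifact[(field, rec[field])].add(rec["domain"])
        for ns in rec["nameservers"]:
            by_artifact[("nameserver", ns)].add(rec["domain"])
    return {k: sorted(v) for k, v in by_artifact.items() if len(v) >= min_domains}


def assess(domains: list, whois_blobs: list, threshold: int = 2) -> dict:
    """Converge lexical evidence with shared-artifact evidence per domain."""
    iocs = shared_artifacts([normalize_whois(b) for b in whois_blobs])
    flagged = {d for d in domains if lexical_score(d) >= threshold}
    verdicts = {}
    for d in domains:
        reasons = [name for name, fired in lexical_signals(d).items() if fired]
        linked = False
        for (field, value), members in iocs.items():
            peers = (flagged & set(members)) - {d}
            if d in members and peers:  # suspicion carries over shared artifacts
                linked = True
                reasons.append(f"shares {field}={value} with {sorted(peers)}")
        verdicts[d] = {"lexical_score": lexical_score(d), "reasons": reasons,
                       "verdict": "suspicious" if d in flagged or linked else "no evidence"}
    return verdicts


if __name__ == "__main__":
    for dom, v in assess(SLIDE12_DOMAINS + BENIGN_DOMAINS, WHOIS_SAMPLES).items():
        print(f"{dom:18} score={v['lexical_score']} {v['verdict']:12} {v['reasons']}")
```

Run as-is and the six labels with no vowels or long consonant runs are flagged lexically, the four benign names score zero, and ngzuuazhj.cn and esebr.cc, which score zero on their own, are still marked suspicious because the (constructed) WHOIS records show them registered the same day, by the same email, on the same name server as two flagged names. That is the convergence argument of slide 10 applied to registration data: no single field proves anything, but the overlap across independent sources does.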
19. Special Thanks
• TakeDownCon
• VirusTotal
• Malwr.com
• Mr. Suhail “The Boss”
• Dhia Mohjoub (@DhiaLite)
• Andrew Morris and Animus (@andrew__morris)
• Kevin Cooper (@Imp3rialCooper)
• Dan Gunter

20. Contact Me
• Solomon Sonya
• excaliburtie@gmail.com
• @Carpenter1010

Editor's Notes

  1. Bulk Whois: http://www.bulkseotools.com/bulk-whois-lookup.php