I’m a Nation State and So Can You!
NextGen Cyber Threat Intel
Intros 
SynAckPwn
Intros 
tothehilt
Started With Derbycon 
youtube.com/watch?v=7jfshUL-0yM
Know Your Protocols
Oops
OMG Chattanooga? 
However, DouceNoozle Inc founder and Chief Technical Officer Herbert A Derp points out that nation-states sometimes launch attacks from computers within their own borders because they control the Internet there and can ensure the computers won't get taken offline.
Choo Choo Motherfucker 
Beijing may not be a surprise, but Chattanooga?
"The scans were to honeypots, so there is no reason for any traffic to be going to these systems."
"We found almost nothing publicly available about this IP."
"They run no legitimate services and have no DNS entries, so any traffic to them is suspicious, especially traffic to tcp port 102 that conforms to the S7comm spec."
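A defender-side check for the claim quoted above, added here as an example and not part of the talk or the article it quotes: it inspects the first bytes a honeypot received on TCP/102 and labels them as a bare connect, a non-TPKT probe, a COTP connection request, or an S7comm PDU, so "conforms to the S7comm spec" is verified from the framing (TPKT version 3, COTP data PDU, S7comm protocol id 0x32) rather than inferred from the port number alone. The Hit type, the label names and the captured payloads are constructed for this example; a label describes the bytes, not who sent them.

```python
"""Classify what a honeypot saw on TCP/102 before calling it "S7comm".
Added example (not from the talk); sample captures below are constructed."""
from collections import Counter
from dataclasses import dataclass

TPKT_VERSION = 0x03            # TPKT header: version 3, reserved 0, 16-bit length
COTP_CR, COTP_DT = 0xE0, 0xF0  # COTP PDU types: Connection Request, Data
S7COMM_PROTO_ID = 0x32         # first byte of every S7comm header

@dataclass(frozen=True)
class Hit:
    src: str        # source address as logged by the honeypot
    dport: int      # destination port on the honeypot
    payload: bytes  # first bytes the client sent after the TCP handshake

def classify(hit: Hit) -> str:
    """Label the payload by what it is; it says nothing about who sent it."""
    if hit.dport != 102:
        return "other-port"
    p = hit.payload
    if not p:
        return "tcp-connect-only"        # handshake and nothing else: scan noise
    if len(p) < 6 or p[0] != TPKT_VERSION or p[1] != 0x00:
        return "port102-not-tpkt"        # e.g. an HTTP probe sprayed at every port
    if int.from_bytes(p[2:4], "big") != len(p):
        return "tpkt-length-mismatch"    # framing claims a size we did not receive
    cotp_len, cotp_type = p[4], p[5]
    if cotp_type == COTP_CR:
        return "cotp-connect-request"    # stage 1 of any ISO-on-TCP session
    if cotp_type == COTP_DT:
        s7 = p[5 + cotp_len:]            # user data starts after the COTP header
        if s7 and s7[0] == S7COMM_PROTO_ID:
            return "s7comm-pdu"          # only here does the S7comm spec apply
        return "cotp-data-not-s7"
    return "cotp-other"

def summarize(hits):
    """Count labels and list the sources that sent real S7comm PDUs."""
    labels = Counter(classify(h) for h in hits)
    s7_sources = sorted({h.src for h in hits if classify(h) == "s7comm-pdu"})
    return labels, s7_sources

# Constructed samples: bare connect, HTTP probe, COTP CR, S7 setup-comm PDU, port 80.
SAMPLE_HITS = [
    Hit("198.51.100.7", 102, b""),
    Hit("198.51.100.7", 102, b"GET / HTTP/1.0\r\n\r\n"),
    Hit("203.0.113.9", 102, bytes.fromhex("0300001611e00000000100c1020100c2020102c0010a")),
    Hit("203.0.113.9", 102, bytes.fromhex("0300001902f08032010000000000080000f0000001000101e0")),
    Hit("192.0.2.55", 80, b"GET / HTTP/1.0\r\n\r\n"),
]

if __name__ == "__main__":
    counts, sources = summarize(SAMPLE_HITS)
    print(dict(counts), "s7comm sources:", sources)
```

Only one of the five constructed hits is an S7comm PDU; the rest are the scan noise the talk says gets tagged as an advanced attack.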
Threat Intel Derp Levels: Seeing what you want to see
Cyber Threat Intel: Purdy Lights & Meaningless Data
What is (Real) Intel Analysis?
- Develop specific expertise, discern patterns of complex behavior, and provide an accurate understanding of present and future threats.
- Apply highly developed inductive reasoning skills to provide a proactive approach to potential threats.
- Navigate a variety of records, reports, miscellaneous communications, case files, and other sources to support research and analysis.
- Initiate, establish, and maintain effective working relationships inside and outside the FBI.
What makes a good IA? According to Marita Cook, a strategic analyst at FBI Headquarters, “You have to be very data oriented. You need to understand the data and how all the pieces can be used together to see the larger picture. You need to be intrigued by questions—why are things happening the way they are? And above all,” she said, “you have to be persistent, following every lead to its logical conclusion.”
Find Meaningful Patterns in Meaningless Noise
What is Not? 
Data Visualization ≠ Intel Analysis
Magic Quadrant 
Level 0: Just scanning shit - No obfuscation needed
Level 1: Non attribution - Still legal
Level 2: Non attribution - Probably Illegal
Level 3: OMG NSA - Going to GITMO
Level 0 
The ‘ErrataRob’ Model - Fuck you, I can scan what I want and I’m going to let you know about it
Level 1 
The ‘I Don’t Want to Be Weev’ Model - Still legal, but you don’t want to deal with the hassle
Active scanning, browsing, FTP, etc. Not attacks, just using the services available.
Level 2 
The ‘Internet Census 2012’ Model - Illegal tactics for the greater good (mostly harmless)
Level 3 
The ‘Swat Brian Krebs’ Model - I just want to cause harm on the internet, because lulz.
“NextGen Threat Intel” 
Level 0 - OMG APTCHINA: Pings and port scans are tagged as advanced attacks from adversaries.
Level 1/2 - Noise: Just obfuscated enough for them to not care, activity not interesting enough to investigate
Level 3 - Nation State Attention: FBI/NSA is on your ass
Master De/b/ater 
If you’re not doing anything wrong, then you have nothing to hide.
Master De/b/ater 
What is Real Threat Intel
Master De/b/ater 
Is ‘Threat Intel’ Useful - Blue Teams, Perimeter Defense, Anything?
Master De/b/ater 
Admitting we’re wrong, current cyber threat intel is only mostly worthless, not completely worthless
Questions?
