CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day
CanSecWest
CanSecWest2017
1.
Lots of Squats: APTs Never Miss Leg Day
March 17, 2017
@ThreatConnect
© 2016 ThreatConnect, Inc. All Rights Reserved | All material confidential and proprietary
2.
Agenda
• Spoofed domains
• Notable breaches
• Tools
• Strategic view of spoofed domain registrations
• Tactical view
• Conclusions
3.
The First Look Vulnerability
Rescuing Leia
• Because everything has a Star Wars corollary
Spoofed domains
• Exploit the inherent and immediate trust that we place in the familiar
• Target the organization or another organization/technology pertinent to operation
Types
• Typosquats
• Look alikes
• Letter swaps
• Sticky keys
4.
Pop Quiz Example
A) gooqle.com
B) googIe.com
C) qoogle.com
D) gcogle.com
5.
Pop Quiz Example
Use a lowercase “Q” in place of a “g”
• gooqle.com
• qoogle.com
6.
Pop Quiz Example
Use a “c” in place of an “o”
• gcogle.com
7.
Pop Quiz Example
Use an uppercase “i” instead of a lowercase “L”
• googIe.com
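The spoof types and quiz answers above can be turned into a screening check for newly observed domains; the following is an added example, not code from the deck or from ThreatConnect. The substitution tables, the reading of "sticky keys" as a doubled character, and the protected names `wellpoint.com`, `premera.com` and `misdepartment.com` are assumptions made for illustration.

```python
"""Classify how an observed domain spoofs a protected one (defensive screening)."""

# Single-character look-alikes, compared in lower case because DNS is
# case-insensitive: the quiz's "googIe" (capital i) is registered as "googie".
LOOKALIKE_PAIRS = {frozenset(pair) for pair in ("gq", "oc", "o0", "li", "l1", "i1")}
# Two characters that read as one (assumption: a short illustrative table).
DIGRAPHS = {"nn": "m", "rn": "m", "vv": "w"}


def sld(domain):
    """Refang, lower-case and return everything left of the TLD."""
    return domain.replace("[.]", ".").lower().rsplit(".", 1)[0]


def classify(candidate, protected):
    """Return the spoof type, or None when the names are not one edit apart."""
    c, p = sld(candidate), sld(protected)
    if c == p:
        return None  # same label; a different TLD is out of scope here
    if any(c.replace(two, one) == p for two, one in DIGRAPHS.items()):
        return "look-alike"
    if len(c) == len(p):
        diff = [i for i in range(len(p)) if c[i] != p[i]]
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and c[diff[0]] == p[diff[1]] and c[diff[1]] == p[diff[0]]):
            return "letter swap"
        if all(frozenset((c[i], p[i])) in LOOKALIKE_PAIRS for i in diff):
            return "look-alike"
        return "typosquat" if len(diff) == 1 else None
    if abs(len(c) - len(p)) != 1:
        return None
    longer, shorter = (c, p) if len(c) > len(p) else (p, c)
    for i in range(len(longer)):
        if longer[:i] + longer[i + 1:] != shorter:
            continue
        doubled = (i > 0 and longer[i] == longer[i - 1]) or (
            i + 1 < len(longer) and longer[i] == longer[i + 1])
        # A doubled character added to the protected name is treated as the
        # deck's "sticky keys"; any other single insert or omission is a typosquat.
        return "sticky key" if doubled and longer == c else "typosquat"
    return None


def screen(candidates, protected):
    """Return (candidate, protected, type) for every candidate that matches."""
    hits = []
    for cand in candidates:
        for prot in protected:
            kind = classify(cand, prot)
            if kind:
                hits.append((cand, prot, kind))
    return hits


# Protected names: google.com and actblue.com appear in the deck; the other
# three are assumed to be the legitimate names behind the deck's examples.
PROTECTED = ["google.com", "wellpoint.com", "premera.com",
             "misdepartment.com", "actblue.com"]
# Observed names are the deck's own examples plus one benign control.
OBSERVED = ["gooqle.com", "googIe.com", "qoogle.com", "gcogle.com",
            "we11point[.]com", "prennera[.]com", "misdepatrment[.]com",
            "actblues[.]com", "example.org"]

if __name__ == "__main__":
    for cand, prot, kind in screen(OBSERVED, PROTECTED):
        print(f"{cand:22} spoofs {prot:18} ({kind})")
```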
8.
Advanced Persistent Threats (APTs)
Everybody’s doing it
• China
• Russia
Why
• Relatively cheap
• Easy to do
• Effective
• Can obfuscate origin
Operations
• Delivery
• Exploitation
• Command and control
Notable breaches
• Anthem/BCBS entities
• OPM
• DNC/DCCC
Operation types
• Credential harvesting
• Malware dissemination
9.
Notable Breaches
China – DEEP PANDA
Anthem/BCBS
• we11point[.]com
• prennera[.]com
• Chinese registrant resellers
OPM
• opm-learning[.]org
• opmsecurity[.]org
• The Avengers registrants
Russia – FANCY BEAR
DNC/DCCC
• misdepatrment[.]com
• actblues[.]com
• Fake personas
10.
So What?
Has become a TTP
• Specific actors employing spoofing against specific sectors
• There is a trend to look for
Domain registration precedes operation
• Timeline varies
Operationalize domain registration information
• WHOIS as threat intelligence
11.
We’re Not Playing Whack-a-Mole
Simply reacting on a one-off basis won’t suffice
• Active state
• Predictive state
Leveraging domain registrations as threat intel
• Higher-level strategic intelligence
• Informs organizational or sector awareness
• In-depth tactical intelligence
• Provides situational awareness during incidents
Operationalize domain registration information
• Trends in spoofed domain registrations
• Identifying and leveraging APT TTPs
12.
Tools of the Trade
DNSTwist and URLCrazy
• Open source
• Identify spoofed domains for a given domain
DomainTools
• WHOIS
• Typo Finder
• Reverse NS Lookup
• IRIS
13.
Domain Registrations as Strategic Intel
14.
Trends in Registrations
Process
• Identify all domains registered during a given timeframe that spoof provided domains
• Get WHOIS information for all domains
• Registrant, registrar, create date, registrant email address, country of origin
• Used Excel
• Remove legitimate registrations as possible
• Investigate WHOIS information to identify trends or patterns
• Correlate possible spikes in activity to current events
Hypothesis
• Keeping track of all of the spoofed domains targeting a given organization or sector can help identify potential activity against that organization or sector.
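The process on this slide was done in Excel; the following is an added example, not part of the deck, that runs the same steps over WHOIS extracts in code: drop the organization's own registrations, bucket the rest by creation month and country, flag spike months, and attach events for the analyst to correlate. The records, the defensive-registrant address, the event note and the spike rule (at least three times the monthly median, with a floor of one) are all constructed assumptions.

```python
"""Monthly trend and spike detection over spoofed-domain WHOIS records."""
from datetime import date
from statistics import median

# Constructed WHOIS extracts: (domain, create date, registrant email, country).
RECORDS = [
    ("examp1ehealth.example", "2015-01-14", "reg01@mail.example", "CN"),
    ("examplehealht.example", "2015-02-03", "reg02@mail.example", "CN"),
    ("examplehealth-hr.example", "2015-03-09", "domains@examplehealth.example", "US"),
    ("exarnplehealth.example", "2015-04-21", "reg03@mail.example", "CN"),
    ("examplehea1th.example", "2015-05-04", "reg04@mail.example", "CN"),
    ("exampleheaith.example", "2015-05-04", "reg04@mail.example", "CN"),
    ("examplehealthh.example", "2015-05-11", "reg05@mail.example", "CN"),
    ("exampelhealth.example", "2015-05-12", "reg05@mail.example", "CN"),
    ("examplehealth-vpn.example", "2015-05-19", "reg06@mail.example", "CN"),
    ("examplhealth.example", "2015-06-30", "reg07@mail.example", "US"),
    ("examplehealthcare.example", "2015-08-17", "reg08@mail.example", "CN"),
]
# Registrant addresses the organization itself uses (assumption); matches are
# the "legitimate registrations" the slide says to remove.
DEFENSIVE_REGISTRANTS = {"domains@examplehealth.example"}
# Constructed event note for the final correlation step.
EVENTS = {"2015-05": ["(constructed) partnership announcement"]}


def spoof_registrations(records, legit_emails):
    """Drop registrations made by the organization's own registrants."""
    return [r for r in records if r[2].lower() not in legit_emails]


def monthly_counts(records, year, country=None):
    """Count registrations per month of `year`, keeping empty months as 0."""
    counts = {f"{year}-{m:02d}": 0 for m in range(1, 13)}
    for _domain, created, _email, cc in records:
        d = date.fromisoformat(created)
        if d.year == year and (country is None or cc == country):
            counts[f"{d:%Y-%m}"] += 1
    return counts


def spikes(counts, factor=3):
    """Months whose count is at least `factor` times the monthly median."""
    baseline = max(1, median(counts.values()))
    return [month for month, n in counts.items() if n >= factor * baseline]


def annotate(spike_months, events):
    """Pair each spike month with known events; the analyst judges relevance."""
    return {month: events.get(month, []) for month in spike_months}


if __name__ == "__main__":
    spoofs = spoof_registrations(RECORDS, DEFENSIVE_REGISTRANTS)
    cn_2015 = monthly_counts(spoofs, 2015, country="CN")
    for month, n in cn_2015.items():
        print(month, "#" * n)
    print(annotate(spikes(cn_2015), EVENTS))
```

As the later "What Does This Mean" slide notes, a flagged month may not be malicious; the output is a prompt for review, not a verdict.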
15.
Organizational Example
Research
• Spoofed domains targeting Anthem BCBS legitimate domains
• 10 domains/organizations
Anthem BCBS
Identified
• Over 1400 spoofed domains
• Over 280 in 2015
• 59 of which came from China
16.
Number of Spoofed Domain Registrations from China Targeting BCBS Entities, 2015
17.
Number of Spoofed Domain Registrations from China Targeting BCBS Entities, 2015
18.
Number of Spoofed Domain Registrations from China Targeting BCBS Entities, 2015
19.
Sector Example
Research
• Spoofed domains targeting six major pharmaceutical companies
Pharmaceutical Industry
Identified
• Over 2000 spoofed domains
• 304 in 2015
• At least 70 from China
20.
Findings
Novartis – March 2015
• Three spoofed domains in March
• FDA approves first biosimilar drug
• Beijing lifts price controls on pharmaceuticals
Lilly – November 2015
• Eight spoofed domains in Oct
• Twelve in Nov
• Eli Lilly and China's Innovent expand partnership
• FDA approves cancer drug
Sanofi – April 2016
• Twelve spoofed domains in April
• Two rest of 2016
• Bids for Medivation
• Eczema drug clears trials
21.
What Does This Mean for an Org/Sector?
Spikes in registration activity
• Potentially portend malicious activity
• Necessitate heightened awareness
• May not be malicious
• May be related to non-cyber events
• Situational awareness for sectors
WHOIS
• Registrants, email addresses for tracking
• Identify other domains that individuals targeting your organization register
Helps identify threats
• Consistencies with previously identified APTs
• Capabilities, TTPs, and other infrastructure to be aware of
22.
Domain Registrations as Tactical Intel
23.
Pivoting from One Spoofed Domain to Others
Process
• Identify spoofed domain that is particularly suspicious or has been leveraged in malicious activity
• Get WHOIS and/or SOA information for domain
• Registrant, registrar, create date, registrant email address, country of origin, name server, etc.
• Identify the most unique registration information
• Pivot to other domains using the most unique registration information
Hypothesis
• WHOIS information for an encountered spoofed domain can help us identify an actor’s other spoofed domains that may be leveraged against the same or other targets.
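The pivot process on this slide, as an added example that is not ThreatConnect's tooling: rank the seed domain's registration values by how few other domains share them, then pivot only on the rare ones. The WHOIS/SOA rows, field names, and the `max_shared` cutoff are constructed assumptions.

```python
from collections import defaultdict

PIVOT_FIELDS = ("email", "name_server", "registrar", "country")
# Constructed WHOIS/SOA rows: domain, then the four PIVOT_FIELDS in order.
ROWS = [
    ("corp-helpdesk.test", "jd77@mailbox.test", "ns1.btc-dns.test", "BigReg", "FR"),
    ("donate-portal.test", "fk21@mailbox.test", "ns1.btc-dns.test", "BigReg", "FR"),
    ("vendor-support.test", "jd77@mailbox.test", "ns1.btc-dns.test", "BigReg", "DE"),
    ("fast-updates.test", "kk09@mailbox.test", "ns1.btc-dns.test", "SmallReg", "FR"),
    ("shop-a.test", "owner@shop-a.test", "ns1.bighost.test", "BigReg", "FR"),
    ("shop-b.test", "owner@shop-b.test", "ns1.bighost.test", "BigReg", "US"),
    ("shop-c.test", "owner@shop-c.test", "ns1.bighost.test", "BigReg", "FR"),
    ("shop-d.test", "owner@shop-d.test", "ns1.bighost.test", "BigReg", "US"),
]
WHOIS = {row[0]: dict(zip(PIVOT_FIELDS, row[1:])) for row in ROWS}


def build_index(whois):
    """Map (field, value) -> set of domains registered with that value."""
    index = defaultdict(set)
    for domain, record in whois.items():
        for field in PIVOT_FIELDS:
            if record.get(field):
                index[(field, record[field].lower())].add(domain)
    return index


def rank_pivots(seed, whois, index):
    """Seed's (field, value) pairs shared with other domains, rarest first."""
    pairs = [(f, whois[seed][f].lower()) for f in PIVOT_FIELDS if whois[seed].get(f)]
    shared = [(len(index[p]) - 1, p) for p in pairs if len(index[p]) > 1]
    return [p for _n, p in sorted(shared)]


def pivot(seed, whois, max_shared=3):
    """Domains sharing a seed value that at most max_shared other domains use."""
    index = build_index(whois)
    found = {}
    for field_value in rank_pivots(seed, whois, index):
        others = index[field_value] - {seed}
        if len(others) <= max_shared:
            for domain in sorted(others):
                found.setdefault(domain, []).append(field_value[0])
    return found
```

Values shared by many domains (a large registrar, a country) are skipped because they link unrelated registrations; a domain matched on more than one rare field is the stronger lead.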
24.
DNC and DCCC Attacks
DNC
• CrowdStrike analysis from mid June
• Identified a FANCY BEAR IP address
• ThreatConnect identified misdepatrment[.]com
• Spoofs MIS Department
DCCC
• Reporting from mid July identified that same actors compromised DCCC
• Used spoofed domain targeting donation website
• Fidelis identified actblues[.]com vs actblue[.]com
• Registered day after DNC attack publicized
25.
WHOIS/SOA Information for FB Domains
• misdepatrment[.]com
• actblues[.]com
26.
What Can We Pivot from that is Unique?
• misdepatrment[.]com
• actblues[.]com
27.
What Can We Pivot from that is Unique?
• misdepatrment[.]com
• actblues[.]com
• httpconnectsys[.]com
• fastcontech[.]com
• intelsupportcenter[.]com
• intelsupportcenter[.]net
31.
Name Servers
Domains4Bitcoins (1a7ea920.bitcoin-dns.hosting)
• Bitcoins
• ~2500 domains
• Previous associations to FB
• militaryobserver[.]net
• sysprofsvc[.]com
• euronews24[.]info
• naoasch[.]com
• storsvc[.]org
ITitch (ns1.ititch.com)
• Bitcoins
• ~2100 domains
32.
Hundreds of Spoofed Domains on Name Servers
33.
Subset for 1&1 Email Domains
Domains4Bitcoins (1a7ea920.bitcoin-dns.hosting)
ITitch (ns1.ititch.com)
34.
What Does This Mean for an Org/Sector?
Relevant threat intelligence
• During incidents
• Actor pivoting
• Historical registrations for reviewing previous activity
WHOIS
• Identify other domains that individuals targeting your organization register
Future tracking
• Registrant email addresses
• Name servers
• Confluence of WHOIS information
35.
Caveats
Findings merit additional research
• Spoofed domains are not necessarily malicious
• Tracking domains may help identify if/when they are operationalized
• Hosting information
• Slice and dice the WHOIS
Legitimate domains
• Some domains, like lilly.com, inherently have false positives
• Baseline activity to identify spikes
• Also requires an understanding of your organization’s assets
Importance of sharing
• Impossible to do this type of research for all of the organizations/technologies that your organization may be involved with
• Sharing intelligence derived from this type of research facilitates other organizations’ defensive efforts
36.
Conclusions
Leverage intelligence from spoofed domain registrations
Not cost prohibitive
• Lower amount of resources
• Some tools openly available
Strategic and tactical research
• Focuses on a common TTP
• Provides situational and tactical awareness
Helps defend your organization and others
• Sharing is caring
• Cyber security karma
37.
THANK YOU!
Blog: threatconnect.com/blog
Twitter: @ThreatConnect
Sign up for a free account: www.threatconnect.com/free