Ramon Vicens & Antonio Molina - Seguimiento de actores cibercriminales en Dark Web y foros underground [rooted2019]
•
2 gostaram•1,069 visualizações
Ramon Vicens & Antonio Molina - Seguimiento de actores cibercriminales en Dark Web y foros underground [rooted2019]
![FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS
root[~]# Who are we?
@rvicens
Ramon Vicens
• CTO and VP Threat
Intelligence
• Malware and Threat Analysis
• Gathering intelligence from
botnets & actors https://www.linkedin.com/in/rvicens
Antonio Molina
• Python Team Lead
• Big Data & Analytics
• Software Architecture
• Python & ML Lover
@aydevosotros
https://www.linkedin.com/in/amolinag
ramon.vicens@blueliv.com
antonio.molina@blueliv.com](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recomendados
Recomendados
Mais conteúdo relacionado
Semelhante a Ramon Vicens & Antonio Molina - Seguimiento de actores cibercriminales en Dark Web y foros underground [rooted2019]
Semelhante a Ramon Vicens & Antonio Molina - Seguimiento de actores cibercriminales en Dark Web y foros underground [rooted2019] (20)
Mais de RootedCON
Mais de RootedCON (20)
Último
Último (20)
Ramon Vicens & Antonio Molina - Seguimiento de actores cibercriminales en Dark Web y foros underground [rooted2019]
- 1. Follow up of Threat Actors and Cybercriminals in the dark web and underground forums Antonio Molina Ramon Vicens
- 2. FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS root[~]# Who are we? @rvicens Ramon Vicens • CTO and VP Threat Intelligence • Malware and Threat Analysis • Gathering intelligence from botnets & actors https://www.linkedin.com/in/rvicens Antonio Molina • Python Team Lead • Big Data & Analytics • Software Architecture • Python & ML Lover @aydevosotros https://www.linkedin.com/in/amolinag ramon.vicens@blueliv.com antonio.molina@blueliv.com
- 3. • Motivation • Real-life examples • Understanding the cybercriminal ecosystem • Big picture • Project approaches FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS 3 root[~]# Agenda
- 4. “DOCUMENT LEAKS REGARDING COMPANIES AND GOVERNMENTS” #DRUGS #WEAPONS #ZERODAY VULNERABILITIES #CYBERCRIME AS A SERVICE #CREDENTIALS #CREDIT CARDS #BACKDOORS, #SHELLS, #RDPs… root[~]# Motivation: What’s out there? FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS
- 5. FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS 5 root[~]# Motivation: examples
- 6. FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS 6 root[~]# Motivation: examples
- 7. FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS 7 root[~]# Motivation: examples
- 8. FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS 8 root[~]# Motivation: examples
- 9. FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS 9 root[~]# Motivation: examples
- 10. FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS 10 root[~]# Motivation: examples
- 11. FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS 11 root[~]# Understanding the cybercriminal ecosystem
- 12. FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS 12 root[~]# Motivation: Big Picture
- 13. FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS 13 root[~]# Project approach – initial
- 14. • Statistics: • Identified URLs : 654,715,561 • Identified unique sites: 326,212 14 root[~]# Project approach - results FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS text/html text/plain application/x-archive application/gzip application/octet-stream application/zip application/pdf application/x-xz application/epub+zip text/xml text/prs.lines.tag application/rss-xml application/atom-xml application/xml application/vnd-debian-binary-package application/x-fictionbook+xml application/xhtml+xml application/x-mobipocket-ebook application/x-bzip2 application/x-gzip
- 15. 15 root[~]# Project approach - results FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS • Statistics: • Identified URLs : 654,715,561 • Identified unique sites: 326,212
- 16. • Enrich text (obtaining value from text ) • Natural Language Processing (NLP) • Entity identification and extraction – Text Processing Pipeline • Structured data: The web is made up of common places • Modeling Social Structure 16 root[~]# Project improvement goals FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS
- 17. 17 root[~]# Enriching the text FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS • Automating the process • Natural language is ambiguous, ironic, confusing... but beautiful • The structure tends to be inconsistent • Computers work with "formal" structured languages
- 18. 18 root[~]# Demo: Linguistic features of a text FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS
- 19. 19 root[~]# Text processing pipeline FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS
- 20. 20 root[~]# Word embeddings FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS But… What about semantics ?
- 21. 21 root[~]# Word embeddings FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS
- 22. 22 root[~]# Word embeddings (Continuous-Bag-of-Words Model (CBOW) FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS
- 23. 23 root[~]# Demo: Playing with word vectors FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS
- 24. 24 root[~]# Crawling the Deep web FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS
- 25. 25 root[~]# Crawling the Deep web FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS
- 26. 26 root[~]# Crawling the Deep web FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS
- 27. 27 root[~]# Crawling the Deep web FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS
- 28. 28 root[~]# Crawling the Deep web FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS
- 29. 29 root[~]# Crawling the Deep web FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS
- 30. 30 root[~]# Crawling the Deep web: Model FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS
- 31. 31 root[~]# Actor relationships FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS Sells Posted Answers
- 32. FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS 32 root[~]# Project approach - Improvement
- 33. 33 root[~]# Project Improvement - results FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS • Forums: • Identified Users :18,663 • Threads: 9,705 • Posts: 69,835 Entity Count Email 45.922.490 BTC Wallet 54.714.020 ETH Wallet 1.775 Zeronet URL 52.473.520 TOR URL 28.358.510 I2P URL 559.348 Freenet URL 19.532 Twitter User 25.796.160 Paste 117.196 Phone 328.950 Telegram URL 10.210 API Keys 345.819 Certificates 9.322 DB Connection 15.981 Email 22% BTC Wallet 26% ETH Wallet 0% Zeronet URL 25% TOR URL 14% I2P URL 0% Freenet URL 0% Twitter User 13% Paste 0% Phone 0% Telegram URL 0% API Keys 0%Certificates 0% DB Connection 0%
- 34. 34 root[~]# Tracking Actors FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS What can we do with all this ?
- 35. 35 root[~]# Demo: actor relationships FOLLOWUP OF THREAT ACTORS AND CYBERCRIMINALS IN THE DARK WEB AND UNDERGROUND FORUMS
- 36. 36
- 38. Thanks!