Uncovering and Visualizing Malicious Infrastructure


How much information about a threat can you find using a single IP address, domain name, or indicator of compromise (IOC)? What additional threats can you identify when looking at attacker and victim infrastructure? To discover and analyze the infrastructure behind large-scale malware activity, Josh Pyorre and Andrea Scarfo will look at known indicators from popular botnets spreading such threats as Locky, GlobeImposter, and Trickbot. They will highlight co-occurring malicious activities observed on the infrastructure of popular botnets, demonstrate practical techniques to find threats and to analyze botnet and malware infrastructure in order to identify actor and victim infrastructure, and show how to pivot to discover additional IOCs using such techniques as passive DNS and OSINT. Finally, they will demonstrate how visualizing known IOCs helps to better understand the connections between infrastructure, threats, victims, and malicious actors.
