How much information about a threat can you find using a single IP address, domain name, or indicator of compromise (IOC)? What additional threats can you identify when looking at attacker and victim infrastructure? To discover and analyze the infrastructure behind large-scale malware activity, Josh Pyorre and Andrea Scarfo will look at known indicators from popular botnets spreading threats such as Locky, Globeimposter, and Trickbot. They will highlight co-occurring malicious activities observed on the infrastructure of popular botnets and demonstrate practical techniques for finding threats and analyzing botnet and malware infrastructure in order to identify actor and victim infrastructure, and they will show how to pivot to discover additional IOCs using techniques such as passive DNS and OSINT. Finally, they will demonstrate how visualizing known IOCs helps to better understand the connections between infrastructure, threats, victims, and malicious actors.
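The passive DNS pivot and the IOC graph described in the abstract, written out as an added example; this is not the speakers' tooling and not code from the talk. All records, domains and addresses are constructed (RFC 5737 documentation ranges and the reserved .example TLD), and the family labels in KNOWN_IOCS are hypothetical. It builds a domain/IP graph from passive DNS style observations, walks outward from one seed indicator for a bounded number of hops, reports already-attributed indicators that share infrastructure with the seed, and emits Graphviz DOT text for visualizing the result. Shared-hosting and CDN addresses that resolve to many domains are the usual source of false links in this kind of pivot, so the walk records high-degree hubs but refuses to expand through them.

```python
"""Passive DNS pivoting over constructed records (added example, not the talk's code)."""
from collections import defaultdict, deque

# Constructed passive-DNS observations: (domain, ip, first_seen). Not real infrastructure.
PASSIVE_DNS = [
    ("update-check.example",   "203.0.113.10", "2019-01-05"),
    ("update-check.example",   "203.0.113.11", "2019-01-12"),
    ("payload-host.example",   "203.0.113.10", "2019-01-06"),
    ("invoice-mailer.example", "203.0.113.11", "2019-01-14"),
    ("shared-hosting.example", "203.0.113.11", "2019-01-01"),
    ("cdn-static.example",     "198.51.100.7", "2019-01-02"),  # unrelated infrastructure
]

# Constructed, hypothetical labels for indicators already attributed to a family.
KNOWN_IOCS = {
    "update-check.example": "Locky",
    "invoice-mailer.example": "Trickbot",
}


def build_graph(records):
    """Undirected bipartite graph: each domain is linked to every IP it resolved to."""
    graph = defaultdict(set)
    for domain, ip, _first_seen in records:
        graph[domain].add(ip)
        graph[ip].add(domain)
    return graph


def pivot(graph, seed, max_depth=2, max_degree=50):
    """Breadth-first pivot from one indicator.

    Returns {node: hops_from_seed}. Nodes whose degree exceeds max_degree
    (shared hosting, CDNs, sinkholes) are recorded as findings but not
    expanded, so one noisy hub cannot pull unrelated infrastructure in.
    """
    hops = {seed: 0}
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        if hops[node] >= max_depth:
            continue
        if node != seed and len(graph[node]) > max_degree:
            continue  # hub: keep it in the result, do not walk through it
        for neighbour in graph[node]:
            if neighbour not in hops:
                hops[neighbour] = hops[node] + 1
                queue.append(neighbour)
    return hops


def co_occurring_families(graph, known, seed, **pivot_kwargs):
    """Already-attributed indicators of other families that share infrastructure with seed."""
    reached = pivot(graph, seed, **pivot_kwargs)
    return {n: known[n] for n in reached if n in known and n != seed}


def to_dot(records, known):
    """Graphviz DOT text for the graph; attributed indicators carry their family as label."""
    lines = ["graph iocs {"]
    for node, family in sorted(known.items()):
        lines.append(f'  "{node}" [label="{node}\\n{family}"];')
    for domain, ip in sorted({(d, i) for d, i, _ in records}):
        lines.append(f'  "{domain}" -- "{ip}";')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    g = build_graph(PASSIVE_DNS)
    for node, depth in sorted(pivot(g, "update-check.example").items(), key=lambda kv: kv[1]):
        print(depth, node)
    print(co_occurring_families(g, KNOWN_IOCS, "update-check.example"))
    print(to_dot(PASSIVE_DNS, KNOWN_IOCS))
```

Starting from the single seed update-check.example, two hops reach the IPs it shared and then the other domains on those IPs; the Trickbot-labelled indicator turns up as co-occurring infrastructure while cdn-static.example, which shares nothing, stays out of the result. Lowering max_degree to 2 shows the hub guard in action: 203.0.113.11 (three domains) is still reported, but nothing behind it is. Pipe the DOT output into Graphviz to get the kind of connection picture the abstract refers to.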