Hunting Cyber Threat Actors with TLS Certificates
Автор: SANS Digital Forensics and Incident Response
Загружено: 2017-03-01
Просмотров: 4975
Hunting Cyber Threat Actors with TLS Certificates
This presentation will go over how net defenders and threat intel analysts can use TLS/SSL data from open source sites like scans.io and censys.io to defend their networks and track threat actors that use TLS/SSL to encrypt their command and control, perform credential harvesting or even manage their command and control infrastructure. Most analysts know and use Whois registrant info to track domains threat actors create. However, a lot of threat actors have learned to use Domain Privacy Registration which mitigates
that tracking ability. Analysts also like to use passive DNS sources to track domains and ip’s as actors move their infrastructure. Others analysts use things like VirusTotal to track threat actors based off their malware but not everyone has access to VirusTotal. Using this technique that I will be discussing, defenders and analysts can easily track malware command and control infrastructure as it moves and put the appropriate defense mitigations in place as needed.
Mark Parsons, DevOps/ThreatIntel, Punch Cyber Analytics
Доступные форматы для скачивания:
Скачать видео mp4
-
Информация по загрузке:
