osint the secret weapon in hunting nation state campaigns
play

OSINT: The Secret Weapon in Hunting Nation-State Campaigns - PowerPoint PPT Presentation

Dec 17, 2022 •7 likes •247 views

DETECT . ANALYZE . REMEDIATE OSINT: The Secret Weapon in Hunting Nation-State Campaigns alon@intsights.com Alon Arvatz +972-545444313 1 1 1 What People Think 2 True or False? Threat intelligence Nation-state actors Commercial threat

  1. DETECT . ANALYZE . REMEDIATE OSINT: The Secret Weapon in Hunting Nation-State Campaigns alon@intsights.com Alon Arvatz +972-545444313 1 1

  2. 1 What People Think … 2

  3. True or False? Threat intelligence Nation-state actors Commercial threat intelligence won’t is focused on the just sit in a secured “ reconnaissance ” place collaborating help me against phase over internal nation-state attacks networks 3

  4. 2 Using OSINT to Detect Attacks 4

  5. How Nation-state Cyber Attacks Unfold? The Attack Supply Chain Motive Targeting Development Infrastructure Recon Attack 5

  6. What Does This Mean For You 6

  7. Step 1: Outrun Your Competitor • Don’t outrun the bear, outrun your competitor. • Benchmark your digital footprint. • Benchmark is a crucial security need! 7

  8. Benchmark in the telecom industry Leaked credentials Employees on target lists 1500 40 1452 34 1450 35 1400 30 1350 25 18 1300 20 1248 1250 15 1200 10 1150 5 1100 0 Telecom1 Telecom2 Telecom1 Telecom2 8

  9. Nation-State Attacks Motivations Damage Support for Intelligence Profit (??) Other Efforts 9

  10. Step 2 : Get Into The Attacker ’ s Shoes • How does your attacker see you? • What is your digital footprint? • 2 steps: Monitor your digital foot print. • Clean your digital footprint. • 10

  11. Exploitable Data 11

  12. Exploitable Data 12

  13. Clean Your Digital Footprint 13

  14. Step 3: Monitor The Dark Web Clear Web • What is the Dark Web? Deep Web • Hackers #1 interest – Anonymity. Dark Web 14

  15. They Are On The Dark Web! What are they doing on the Dark Web? • Recruiting/Hiring. • 0days. • Staying up-to-date. *OpCleaver, Cylance 15

  16. Recruiting *APT1, Exposing one of China ’ s Cyber Espionage Units, Mandiant 16

  17. Outsourcing *Exposed by Noam Jolles, Diskin Advanced Technologies 17

  18. How Can They Be Detected? Nation State Actors on the Dark • Web • Very few posts. • Very laconic. • Don ’ t contribute. • Looking for 0days. • Unlimited budget. 18

  19. How Can They Be Detected? 19

  20. Step 4 : Weapon Deployment • States collaborate on closed networks but organizations are on the surface. • In order to attack, states have to reach the surface, and that leaves them exposed. TI can help detect: • Phishing attacks - fake domain registration. • Malicious mobile applications • Fake social media profiles 20

  21. Fake Social Media Profiles 21

  22. How Nation-state Cyber Attacks Unfold? The Attack Supply Chain Motive Targeting Development Infrastructure Recon Attack Phishing domains Exploitable Data Benchmark Dark Web monitoring Malicious mobile apps Data Leakage Exploitable Data Fake social media profiles Data Leakage 22

  23. Conclusion: OSINT Is Critical Operational Eliminates Enable Blind Spots Efficiency Proactive Security 1. Optimized risk picture with an 1. Connect external threats with your 1. Actionable visibility aggregated and coordinated view enterprise before they attack. 2. Automate remediation for internal across internal and external threats. 2. Capture early warning signals. and external systems 2. Context to effectively scope alerts 3. Metrics and visibility showcasing or gauge the severity of a threat. security’s impact. 23

  24. Thank You alon@intsights.com Alon Arvatz +972-545444313 1 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Secret Weapons of the AOL Optimization Team Dave Artz Secret Weapon #1: Apache Mods 4

The Secret Weapons of the AOL Optimization Team Dave Artz Secret Weapon #1: Apache Mods 4

The Secret Weapons of the AOL Optimization Team Dave Artz Secret Weapon #1: Apache Mods 4 sec. 2.5 sec. modconcat http://code.google.com/p/modconcat/ Once installed, lets you reference any CSS or JS file on your server like this:

825 views • 44 slides
OSINT OPEN-SOURCE INTELLIGENCE OSINT Offensive OSINT * 1 Whoami Adam Nurudini CEH, ITIL

OSINT OPEN-SOURCE INTELLIGENCE OSINT Offensive OSINT * 1 Whoami Adam Nurudini CEH, ITIL

OSINT OPEN-SOURCE INTELLIGENCE OSINT Offensive OSINT * 1 Whoami Adam Nurudini CEH, ITIL V3, CCNA, CCNP, CASP, PCI-DSS, BSC-IT Lead Security Researcher @ Netwatch Technologies Project Consultant, Information Security Architects Ltd

454 views • 17 slides
Your Secret Weapon is in the Oven. A unique program for people, not algorithms { Creating

Your Secret Weapon is in the Oven. A unique program for people, not algorithms { Creating

BAKE ME A WISH! NEW YORK Your Secret Weapon is in the Oven. A unique program for people, not algorithms { Creating authentic customer and employee relationships with your brand } Cut through the noise { make it personal } These days, it

318 views • 9 slides
Silicon Valleys Secret Weapon The SHAdow History of BurnE RS by Steve Ou*rim ALL INFORMATION

Silicon Valleys Secret Weapon The SHAdow History of BurnE RS by Steve Ou*rim ALL INFORMATION

Silicon Valleys Secret Weapon The SHAdow History of BurnE RS by Steve Ou*rim ALL INFORMATION GATHERED FROM OPEN SOURCE INTELLIGENCE Images used with permission, under Creative Commons license, or under non-commercial Fair Use Part 3

239 views • 22 slides
CONSTRAINTS A DEVELOPER'S SECRET WEAPON PG Day Paris 2018-03-15 WILL LEINWEBER @LEINWEBER

CONSTRAINTS A DEVELOPER'S SECRET WEAPON PG Day Paris 2018-03-15 WILL LEINWEBER @LEINWEBER

CONSTRAINTS A DEVELOPER'S SECRET WEAPON PG Day Paris 2018-03-15 WILL LEINWEBER @LEINWEBER CITUSDATA.COM INTRO Will Leinweber @leinweber CONSTRAINTS maybe not the most exciting topic just want DB to safely store&retrieve data stern

720 views • 57 slides
A Secret Weapon of WWII USS Langley (CV-1) 1922 SS l (C 1) 1922 USS Lexington (CV-2)

A Secret Weapon of WWII USS Langley (CV-1) 1922 SS l (C 1) 1922 USS Lexington (CV-2)

1 A Secret Weapon of WWII USS Langley (CV-1) 1922 SS l (C 1) 1922 USS Lexington (CV-2) and USS Saratoga (CV-3) 1928 USS Ranger (CV-4) 1934 g ( ) USS Yorktown (CV-5) 1938 USS Enterprise (CV-6) 1938 USS Wasp (CV-7) 1938

707 views • 31 slides
The Power Of ANALYTICS: HRs SECRET WEAPON Steve VanWieren Principal Statistician / Data

The Power Of ANALYTICS: HRs SECRET WEAPON Steve VanWieren Principal Statistician / Data

The Power Of ANALYTICS: HRs SECRET WEAPON Steve VanWieren Principal Statistician / Data Scientist October 16, 2013 Agenda Big Data in HR A case study Workforce trends What is big data? V olume The Big Data Revolution

727 views • 40 slides
CLICKHOUSE MATERIALIZED VIEWS A SECRET WEAPON FOR HIGH PERFORMANCE ANALYTICS Robert Hodges --

CLICKHOUSE MATERIALIZED VIEWS A SECRET WEAPON FOR HIGH PERFORMANCE ANALYTICS Robert Hodges --

CLICKHOUSE MATERIALIZED VIEWS A SECRET WEAPON FOR HIGH PERFORMANCE ANALYTICS Robert Hodges -- Percona Live 2018 Amsterdam Introduction to Presenter Robert Hodges - Altinity CEO www.altinity.com 30+ years on DBMS plus Leading software and

683 views • 23 slides
Data: The (Not-So-Secret) Weapon for Mobile Success Suhail Doshi co-founder & CEO,

Data: The (Not-So-Secret) Weapon for Mobile Success Suhail Doshi co-founder & CEO,

Data: The (Not-So-Secret) Weapon for Mobile Success Suhail Doshi co-founder & CEO, Mixpanel Aliisa Rosenthal growth manager, Mixpanel Sept 26, 2013 Tuesday, November 12, 2013 Big data, small data... its just data. Nov 5, 2013

612 views • 17 slides
Pair and Mob Programming Secret weapon for agile and continuous software development Thomas Much

Pair and Mob Programming Secret weapon for agile and continuous software development Thomas Much

Pair and Mob Programming Secret weapon for agile and continuous software development Thomas Much @thmuch #JAXLondon About @thmuch Thomas Much #JAXLondon Freelancer, Hamburg Agile Developer Coach Software Developer (Java et al.)

1.12k views • 75 slides
Italys Surveillance Toolbox Riccardo Coluccini @ORARiccardo 34C3 27th-30th December

Italys Surveillance Toolbox Riccardo Coluccini @ORARiccardo 34C3 27th-30th December

Italys Surveillance Toolbox Riccardo Coluccini @ORARiccardo 34C3 27th-30th December 2017 OSINT OSINT Google Search VAT numbers OSINT Payments by Ministry of Interior due to transparency law n33/2013 OSINT Google

399 views • 36 slides
Hunting Manufactures and distributes products that enable the extraction of oil and gas Hunting

Hunting Manufactures and distributes products that enable the extraction of oil and gas Hunting

Hunting Manufactures and distributes products that enable the extraction of oil and gas Hunting PLC Global Footprint 2 2009 Corporate Highlights Completed three acquisitions 47.3m Sale of Hunting Energy France 11.1m Year end

857 views • 37 slides
Sourcing meets OSINT 3rd of March 2020 // ERA webinar // www.theera.org by Gordon Lokenberg

Sourcing meets OSINT 3rd of March 2020 // ERA webinar // www.theera.org by Gordon Lokenberg

Sourcing meets OSINT 3rd of March 2020 // ERA webinar // www.theera.org by Gordon Lokenberg What is OSINT? Used by Law Enforcement Used by the ARMY Used by Private Investigators Used by Sourcers MAINLY ONLINE, mainly

610 views • 14 slides
Tear Gas is a Chemical Weapon: The Toxicology of State Violence Kimberly K. Garrett, MPH

Tear Gas is a Chemical Weapon: The Toxicology of State Violence Kimberly K. Garrett, MPH

Tear Gas is a Chemical Weapon: The Toxicology of State Violence Kimberly K. Garrett, MPH University of Pittsburgh Graduate Student Organizing Committee STEM & Society Lecture Series 21 October 2020 1 About Me Kim (She/Her)

750 views • 24 slides
Waterfowl Hunting for Beginners by John Martsh R-3 Program Manager Hunting Techniques: Spot and

Waterfowl Hunting for Beginners by John Martsh R-3 Program Manager Hunting Techniques: Spot and

Waterfowl Hunting for Beginners by John Martsh R-3 Program Manager Hunting Techniques: Spot and Stalk Hunting Techniques: Decoying Hunting Techniques: Pass Shooting Gauge Sizes Choke extracted from muzzle Choke lengths and wall diameters

783 views • 29 slides
CityFIRST Financing Initiative for Renewable and Solar Technology ECN * May 26, 2009 Our Secret

CityFIRST Financing Initiative for Renewable and Solar Technology ECN * May 26, 2009 Our Secret

CityFIRST Financing Initiative for Renewable and Solar Technology ECN * May 26, 2009 Our Secret Weapon p Almost 40 percent of abatement [targets for 2030] could be achieved at negative marginal costs. Unlocking the negative hi d i i

276 views • 11 slides
2013 - The year in Review thinkst applied research @haroonmeer | @marcoslaviero Who we are (and

2013 - The year in Review thinkst applied research @haroonmeer | @marcoslaviero Who we are (and

2013 - The year in Review thinkst applied research @haroonmeer | @marcoslaviero Who we are (and why does it matter?) Who we are (and why does it matter?) So... 2013 2013 Significant Events Research Themes Future Themes ? References / Links

983 views • 71 slides
NEEDLES IN A HAYSTACK: MINING INFORMATION FROM PUBLIC DYNAMIC SANDBOXES FOR MALWARE INTELLIGENCE

NEEDLES IN A HAYSTACK: MINING INFORMATION FROM PUBLIC DYNAMIC SANDBOXES FOR MALWARE INTELLIGENCE

NEEDLES IN A HAYSTACK: MINING INFORMATION FROM PUBLIC DYNAMIC SANDBOXES FOR MALWARE INTELLIGENCE Mariano Graziano, Davide Canali, Leyla Bilge, Andrea Lanzi and Davide Balzarotti Eurecom Symantec Research Labs Universit degli Studi di

695 views • 34 slides
Bro Scripts The Bro Monitoring Platform Agenda Thursday Block 1: Bro-Overview and introduction.

Bro Scripts The Bro Monitoring Platform Agenda Thursday Block 1: Bro-Overview and introduction.

Bro Scripts The Bro Monitoring Platform Agenda Thursday Block 1: Bro-Overview and introduction. Structure, setup, administration. Exercise: find your way around in the training VM. Block 2: Bro-logs, network logs. Introduction on

292 views • 13 slides
Seminar Series Industrial Cyber Threats and Future Planning Robert M. Lee Twitter: @RobertMLee

Seminar Series Industrial Cyber Threats and Future Planning Robert M. Lee Twitter: @RobertMLee

Seminar Series Industrial Cyber Threats and Future Planning Robert M. Lee Twitter: @RobertMLee Email: rlee@dragos.com Web: www.dragos.com Agenda Where We Are Selected Case Studies in Cyber Attacks Where Were Heading

424 views • 24 slides
Hunting and detecting APTs using Sysmon and PowerShell logging TOM UELTSCHI BOTCONF 2018 C:>

Hunting and detecting APTs using Sysmon and PowerShell logging TOM UELTSCHI BOTCONF 2018 C:>

Hunting and detecting APTs using Sysmon and PowerShell logging TOM UELTSCHI BOTCONF 2018 C:> whoami /all Tom Ueltschi Swiss Post CERT / SOC / CSIRT since 2007 (over 11 years!) Focus & Interests: Malware Analysis, Threat Intel,

1.45k views • 115 slides
GE Incident Response Insight Awareness Advantage Sean Mason Director, Incident Response

GE Incident Response Insight Awareness Advantage Sean Mason Director, Incident Response

GE Incident Response Insight Awareness Advantage Sean Mason Director, Incident Response Investing in new talent & capabilities Incident response Cyber intelligence Digital forensics Security architecture Identity management

609 views • 42 slides
Acute Variables Of Training The Process Of Designing Training Plans SBS Academy: Unit 2 Mo

Acute Variables Of Training The Process Of Designing Training Plans SBS Academy: Unit 2 Mo

Acute Variables Of Training The Process Of Designing Training Plans SBS Academy: Unit 2 Mo Module le 2. 2.8 Unit 2- Coaching For Physique Athletes Learning Objectives Understand the role of exercise selection in training for

282 views • 14 slides
ECE590 Computer and Information Security Fall 2018 Malware Tyler Bletsch Duke University

ECE590 Computer and Information Security Fall 2018 Malware Tyler Bletsch Duke University

ECE590 Computer and Information Security Fall 2018 Malware Tyler Bletsch Duke University [SOUP13] defines malware as: a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality,

766 views • 53 slides

More recommend