24 Techniques to Gather Threat Intel and Track Actors

Presented at Black Hat Asia 2017, March 31, 2017, 11:45 a.m. (60 minutes).

In recent years, we delivered many talks detailing threat actors, their operations, and their tools. How did we conduct such research and gather such intel? In this talk, we share 24 techniques for gathering threat intel and tracking actors, or example: crimeware (undisclosed) vulnerabilities, C&C misconfig, and underground marketplaces. We explain our use of these techniques using 30 real cases.<br /> <br /> We will also uncover an underground marketplace that has over 1,400 registered attackers. Products for sale includes webshells, ssh passwords, ftp passwords, email lists, and crimeware. We show how their purchased crimeware contained vulnerabilities that allowed us to track them.

Presenters:

  • Sun Huang - Senior threat researcher, Proofpoint
    Sun Huang is a Senior Threat Researcher at Proofpoint. He has more than nine years of experience in information security. Sun has discovered many Web application 0days, including those of CMS and C2 Panel. Sun has participated in many security contests, and was one of the top 10 researchers in Paypal's 2013 Bug Bounty Wall of Fame. He was also the third place AT&T bug reporter in 2013. Sun currently holds CCNA, ECSS, CEH, and PMP certifications. Sun has presented at RSA '15 '16, SteelCon '16, Troopers '16, AusCERT '16.
  • Wayne Huang - VP Engineering, Proofpoint
    Wayne Huang was Founder and CEO of Armorize Technologies, and is now VP Engineering at Proofpoint. Huang is a frequent speaker at security conferences, including Black Hat '10, DEF CON '10, RSA '07 '10 '15 '16, SteelCon '16, Troopers '16, AusCERT '16, SyScan '08, '09, OWASP '08, '09, Hacks in Taiwan '06 '07, WWW '03 '04, PHP '07 and DSN '04. Into security since 7th grade, he has led teams to develop security products ranging from source code analysis, web application firewall, vulnerability assessment, exploit & malware detection, anti-malvertising, email security, and APT defense. He received his PhD in EE from National Taiwan University, and his BS and MS in CS from NCTU. He holds two US patents on source code analysis.

Links:

Similar Presentations: