Presented at Black Hat Europe 2017, Dec. 6, 2017, 2:15 p.m. (25 minutes).
An Adversary's Playbook is the organized collection of the Tools, Techniques and Procedures (TTPs) employed during their attack lifecycle. As adversaries do not share their playbooks with defenders, we must derive them through observations of live attacks, shared information and intelligence analysis.
Pragmatic adversaries often re-use elements of attacks, so defenders can use the tracked data to identify attacks perpetrated by the same adversary and better prepare for future attacks.
Adversaries have a limited number of techniques they can employ when targeting a network; they share TTPs with others, which means a single defense can defend against multiple adversaries.
Presenters:
- Alex Hinchliffe, Threat Intelligence Analyst, Unit 42, Palo Alto Networks
Alex Hinchliffe is a Threat Intelligence Analyst in Unit 42 at Palo Alto Networks. Based in EMEA, his main responsibilities include research into security threats, the groups behind them, and their motivations, tactics and resources, to enrich intelligence and disseminate information to the public. He started his career as an intern at the then Dr Solomon's Anti-Virus company in the United Kingdom. Almost two decades later, his research has largely focused on Windows malware and, recently, on Android. He regularly speaks on these and related topics. While previously working for McAfee Labs, Alex co-created the industry's first cloud-based Anti-Malware reputation system, Artemis, decreasing time to protection without signatures to help fight the huge growth in malicious threats.