Hunting The Adversary: Developing And Using Threat Intelligence

Presented at DeepSec 2017 „Science First!“

Traditional security defense tools are increasingly unable to protect against emerging and current attacks. The modern attacker has adopted advanced tools and techniques that cannot be stopped with traditional firewalls, intrusion detection and anti-virus. Meanwhile, dedicated attackers carry out intrusions over months and years while going undetected, in order to steal valuable information, trade secrets and financial information. Defense techniques that leverage information about attackers and their techniques, however, can greatly enhance the security of an organization. Modern defenses can integrate intelligence and counterintelligence information, which greatly increases the ability to keep attackers out and to detect their presence quickly. This course will teach students about the tools they can use to gain insight into attackers and how to integrate those tools into their organization. The course will be a mix of lecture and hands-on training, so students will be equipped on day one to go back to their work and start using threat intelligence to protect their networks.

TOPICS COVERED:
- Critical Thinking, ACH and Threat Intelligence Models
- Intelligence Sharing Mechanisms
- Open Source Intelligence Gathering, Tools and Sources
- The Collective Intelligence Framework
- Malware Information Sharing Platform
- Yara Primer for Threat Intelligence
- Malware Surveillance Techniques
- Creating and Deriving Intelligence Data
- Identifying Adversarial Weaknesses and Disruption Operations
- Defensive and Offensive Deception Techniques

WHO SHOULD ATTEND
Investigators, network defenders, incident responders and anyone interested in how to use intelligence to get ahead of the adversary.

WHAT STUDENTS SHOULD BRING
A laptop capable of running VMs (specific OSes and configs will be sent to students prior to class).

WHAT STUDENTS NEED TO KNOW
Basic scripting (bash or python), an understanding of reverse engineering malware and sandboxing, and knowledge of networking and DNS.

Presenters:

  • John Bambenek - Fidelis Cybersecurity / SANS Internet Storm Center
    John Bambenek is Manager of Threat Systems at Fidelis Cybersecurity, Lecturer in the Department of Computer Science at the University of Illinois at Urbana-Champaign and a handler with the SANS Internet Storm Center. He has over 18 years of experience in information security and leads several international investigative efforts tracking cybercriminals, some of which have led to high-profile arrests and legal action. He specializes in disruptive activities designed to greatly diminish the effectiveness of online criminal operations. He produces some of the largest bodies of open-source intelligence used by thousands of entities across the world.
