Notes from Underground: Compromised Credentials

Presented at Kernelcon 2019, April 6, 2019, 4 p.m. (50 minutes)

'Notes from Underground: Compromised Credentials' presents several novel use cases for collecting, enriching, and searching so-called dumps of stolen online accounts. Although there are many commercial offerings and some free search tools, these tend to focus on the obvious use of stolen credentials: notifying potential victims so they can change their account password. Victim notification is an important use of the data, but researchers can also benefit from collecting and analyzing all of the other relevant details, such as IP addresses, user handles, password choice, dates, and sometimes information collected by malicious software. The audience will see tools to parse, enrich, and format stolen data, along with multiple ways to index it, search it, and visualize it. The tools will be made available publicly at the time of the presentation using GitLab. Although the presenter cannot give away the data in bulk, sources of compromised credentials will be shared.


Presenters:

  • Brian C. Carter
    Brian Carter has split his career working as an intelligence analyst and more recently in computer network defense. He spends most of his time working on threat intelligence research and consulting for incidents and SOC issues. Brian lives in Indianapolis.
