OH-SINT: Merging OSINT Into RE Workflows to Simplify Analysis

Presented at BSidesLV 2023, Aug. 8, 2023, 11:30 a.m. (25 minutes)

Anti-analysis features are becoming more prevalent as malware developers gain skills and spread knowledge amongst themselves. Combined with the increasing use of crypt services, this makes RE more challenging when you need to get information out of malware quick and dirty. We look at leveraging more OSINT into the process to track down information, sometimes straight from the developers themselves (occasionally scoring gold with full developer docs), and at how this can be reincorporated into the analysis workflow to potentially speed up time to value when the hunt is on.

Presenters:

  • Nicholas Carroll
    Nicholas is a threat intelligence researcher who spends far more time ingesting things from the open and dark web than can possibly be healthy. He's been in IT and cybersecurity for over a decade. During that time, he's served as everything from help desk to a state government CISO handling election security projects. He regularly teaches boot camps to help draw more people into the industry. In the past couple of years, he's been working closely with SOC analysts and reverse engineers to pull apart recently detected threats with relatively little-known indicators, and has taken a large interest in looping these workflows into threat intelligence.
