Adversary Analysis and Defenses Using Domain and DNS OSINT

Presented at SOURCE Seattle 2016, Oct. 12, 2016, 10:50 a.m. (40 minutes)

This session illustrates new ways to investigate, and get ahead of, threat actors, using OSINT (Open Source Threat Intelligence) such as domain registration data, IP address data, MX records, geolocation, and more. Using examples from high-profile cybercrime/espionage cases, Tim Helming of DomainTools will demonstrate how threat actors can be identified or accurately profiled, and how their webs of connected holdings can be mapped for defensive (or offensive) purposes. The techniques shown are used effectively by leading-edge private sector, government, and law enforcement experts to fight cybercrime globally. Effective adversary analysis pays off in all phases of a continuous security model, from monitoring to detection to response to prevention.


Presenters:

  • Tim Helming - DomainTools
    Tim Helming has over 15 years of experience in infosec, from network to cloud to application attacks and defenses. At DomainTools, he helps define and evangelize the company's growing portfolio of investigative and proactive defense offerings. He cut his security teeth at WatchGuard, rising from 1st level tech support rep to product owner of some of the best-selling SMB security appliances in history. Tim has spoken at security conferences such as BSides Las Vegas, FireEye/MIRcon, Infosec World, FIRST, and AusCERT, as well as media events and technology partner conferences worldwide.
