We Don't Need Another Damn Whitepaper: Going Kinetic on Cybercrime Networks on a Budget

Presented at THOTCON 0x6 (2015), May 15, 2015, noon (25 minutes)

Defensive security is a rat race. We detect new threats, we reverse engineer them and develop defenses while the bad guys just make new threats. We often just document a new threat and stop when the blog post is published. This talk will take it a step further on how to proactively disrupt threats and threat actors, not just from your organization but completely. As a case study, Operation Tovar and whatever else I take down between now and THOTCON will be used as examples of how this can be accomplished without a large legal team and without massive collateral damage (i.e. the No-IP incident). Tools will be demonstrated that are used for near-time surveillance of criminal networks.


  • John Bambenek
    John Bambenek is a handler with the SANS Internet Storm Center and President of Bambenek Consulting and has 15 years experience in information security. He has participated in investigations and takedowns around the world, most recently with Operation Tovar and develops custom threat intelligence tools to monitor and disrupt cyber crime. He has spoken at conferences around the world.