Defensive security is a rat race. We detect new threats, we reverse engineer them and develop defenses while the bad guys just make new threats. We often just document a new threat and stop when the blog post is published. This talk will take it a step further on how to proactively disrupt threats and threat actors, not just from your organization but completely. As a case study, Operation Tovar and whatever else I take down between now and THOTCON will be used as examples of how this can be accomplished without a large legal team and without massive collateral damage (i.e. the No-IP incident). Tools will be demonstrated that are used for near-time surveillance of criminal networks.