Passive Intelligence Gathering and Analytics - It's all Just Metadata!

Presented at TROOPERS16 (2016), March 17, 2016, 10:30 a.m. (Unknown duration).

Defending our networks or operational environment requires more information than just an understanding of the tactics, techniques, and procedures used against us. To fully prepare for an attack, the ability to gather intelligence against potential threats is an invaluable resource. This talk will introduce Just-Metadata, a framework that can be used to gather a large amount of information from multiple freely available sources while also performing intelligent analytics to extrapolate data about potential threats.

The presentation will start with the different types of data gathered by Just-Metadata, the sources it draws from, and the development of new intelligence gathering modules. I'll then cover analytical modules and highlight how they can be used to give meaning to the gathered data by easily identifying unnoticed relationships between potential threats. The analytical modules are what will provide the most value to users.

Just-Metadata's goal is to make it easy for users to gather useful passive intelligence from a variety of open sources, to do so quickly, and to highlight meaningful information and/or identify hidden relationships. But hey, we're not performing mass data collection, we're only looking at the metadata!


Presenters:

  • Christopher Truncer
    Christopher Truncer (@ChrisTruncer) is a red teamer with Mandiant. He is a co-founder and current developer of the Veil-Framework, a project aimed at bridging the gap between advanced red team and penetration testing toolsets. Chris began developing toolsets that are not only designed for the offensive community, but can enhance the defensive community's ability to defend their network as well. I've been published in the Russian magazine Xakep on Antivirus Evasion with the Veil-Framework. Tools and techniques I develop or research are typically released on my personal blog https://www.christophertruncer.com.
