TakeDownCon Rocket City: “White Hat Anonymity”: Current challenges security researchers face...
“White Hat Anonymity”: Current challenges security researchers face performing actionable OSINT
Christopher R. Barber, CISSP, C|EHv7
Threat Analyst, Solutionary Inc.
Security Engineering Research Team (SERT)
Introduction
• Member of Solutionary’s Security Engineering Research Team (SERT) specializing in threat intelligence and analysis
• Research and discovery of emerging threats and vulnerabilities
• Use of Open-Source Intelligence Techniques (OSINT) for tracking threat actor activities
• Monthly analysis of threat landscape trends and annual high-level analysis
Outline
• Challenges
• Establishing Anonymity
• OSINT Tools and Techniques
• Sources
• Information Sharing
Challenges
• Anonymity Challenges
• Source Information Challenges
• Intelligence Sharing Challenges
Anonymity Challenges
• Security policy prohibits the use of third-party VPN providers and access to the Tor network
• Lack of funds, resources and personnel for the development of secure anonymous channels.
Source Information Challenges
• Large volumes of information from a diverse collection of sources
• Being able to discern between valid information and injected disinformation
• Personnel and Resources
Intelligence Sharing Challenges
• Conflicts between organizations due to differences in security policies
• Lack of security at a collaborating organization creates a pivot point for compromise
Establishing Anonymity
• Having an unknown or unacknowledged name
• Having an unknown or withheld authorship or agency
• Having no distinctive character or recognition factor
• Being able to gather information in a manner that does not reveal your personal, professional, or organization's identity
Digital Paper Trail: The bread crumbs left as we traverse the cyber domain.
• IP Address
• User Agent
• Cookies
• Behavioral habits
Anonymizing Service Providers
• Private Internet Access
• HideMyAss
• BlackVPN
• IVPN
• AirVPN
• TorGuard
Anonymizing Virtual Machines
• Whonix
• Tor Middlebox
• Tails VM
Whonix
Tor Middlebox
• Works as a proxy between the host machine and VirtualBox
• Routes all VM traffic through Tor proxy on host machine
Tails Virtual Machine
Open-Source Intelligence
• Collection and analysis of information gathered from publicly available sources
• Sources involve any form of electronic or printed material available in the public domain
• Intelligence is obtained through the statistical analysis of the occurrence and relationships between pieces of information
Tools and Techniques for OSINT
• Collection Tools
• Search Engines
• Social Media
• Intelligence sources
Collection Tools
• Paterva/Maltego
• Recorded Future
Maltego
Recorded Future
Search Engines
• Google Custom Searches
• iSeek
• Addict-o-matic
• Shodan
Google Custom Search
iSeek
Addict-o-matic
Shodan
Social Media
• Google+
Dump Sites
• Pastebin
• Reddit
• AnonPaste
• PirateBay
• Zone-H
• Pastie
Honey Pots and Nets
• Provides automated method for distributed traffic analysis.
• Provides early signs of malware or botnet activities.
Intelligence Sources
• Cyber War News
• The Hacker News
• Darkreading.com
• FirstHackNews
Shared Intelligence
• Intelligence Sharing Organizations
• Intelligence Assimilation and Sharing Applications
Intelligence Sharing Organizations
Intelligence Assimilation and Sharing Applications
• Structured Threat Information eXpression (STIX)
• Trusted Automated eXchange of Indicator Information (TAXII)
• Common Attack Pattern Enumeration and Classification (CAPEC)
Intelligence in Depth
• Intelligence research and analysis should be practiced with the idea of “defense in depth”.
• Validity can only be established, and actionable predictions made, with the collective analysis of multiple sources.
Solutionary’s 2013 Global Threat Intelligence Report
http://go.solutionary.com/GTIR.html
Solutionary Minds Blog
http://www.solutionary.com/resource-center/blog/
Thank You
Questions?