Threatcrowd

36
ThreatCrowd.org @chrisdoman, Vectra Networks bsidesbelfast.org September 2016

Transcript of Threatcrowd

Page 1: Threatcrowd

ThreatCrowd.org@chrisdoman, Vectra Networks

bsidesbelfast.org September 2016

Page 2: Threatcrowd

What is ThreatCrowd?

threatcrowd.org

Page 3: Threatcrowd

Use-case: ThreatIntel & Triaging Detections

baddomain.com

Page 4: Threatcrowd

Use Case: Bug-Bounties & Pen-Tests

Page 5: Threatcrowd

Search

Page 6: Threatcrowd

Infrastructure

Page 7: Threatcrowd

Pivot

Page 8: Threatcrowd

Pivot

Automatically identify sinkholes and parking ranges, and avoid pivoting

MD5

DomainE-mail

IP Address

SSL Certificate

Server Build Hash

Nameserver

Anti-Virus detection

Filename

Page 9: Threatcrowd

Browse

Page 10: Threatcrowd

Blacklists

google.com?

Page 11: Threatcrowd

RSS

Page 12: Threatcrowd

Maltego

Page 13: Threatcrowd

API

https://www.threatcrowd.org/searchApi/v2/email/report/[email protected]

Page 14: Threatcrowd

What is it built on?

via boundary.com

Page 15: Threatcrowd

No magic here

+ cytoscape.js

You can access graph data easily with:SQL + pivot(indicator)

Page 16: Threatcrowd

Datasources are internal &

thanks!

Page 17: Threatcrowd

Why should you build a free platform?

- You get to see Belfast- You get to use it

Page 18: Threatcrowd

~2014

+ some more

Page 19: Threatcrowd

~2016

+ loads more

Page 20: Threatcrowd

A couple of tricks…

Page 21: Threatcrowd

Who is using ThreatCrowd?

Stats

OPSEC?

Page 22: Threatcrowd

Dridex

Locky

Page 23: Threatcrowd

antivirus.*(\.sofacy|sofacy\.)

Page 24: Threatcrowd

Issues

WHY IS MY WEBSITE ON YOUR WEBSITE??

Page 25: Threatcrowd

Where is ThreatCrowd going?- Lots of change since ThreatCrowd was built in 2014

- Use case #1 - ThreatIntel – has changed

Page 26: Threatcrowd

2013 - Tracking Hangover

Via Nii Consulting and Norman Shark

D:\Projects\Elance\AppInSecurityGroup\FtpBackup\Release\Backup.pdb

Page 27: Threatcrowd

2016 – Still Hangover?

Via Cymmetria

Page 28: Threatcrowd

Some things are getting harder to track

https://mpars0ns.github.io/bsidescharm-2016slides/

Page 29: Threatcrowd

Are there still attackers worth tracking?

Via @daveaitel and @fireeye. * correlation != causation

Page 30: Threatcrowd

Marketing doesn’t show a drop in attackers worth tracking…

Via @APTNotes

Page 31: Threatcrowd

… not that you can trust all the marketing

Page 32: Threatcrowd

Still lots of activity worth tracking

Via Bloomberg, FIRST, Guardian

Page 33: Threatcrowd

Already some great resources for crimeware

Page 34: Threatcrowd

Where is ThreatCrowd going?

We don’t need another commercial platformLots of hosting offers from the community - thanks!

May hand over to the communityWhat do you think?

Page 35: Threatcrowd

Coming Soon - ThreatBox(?)

Reduce the infosec echo chamber - try tools quicklyIntegrate the free intel with tools to apply itSIFT & Remnux are awesome but different

Want to beta test?

Page 36: Threatcrowd

Questions?

@chrisdoman / threatcrowd.org

vectranetworks.com


Succumbing to the Python in Financial Markets

Succumbing to the Python in Financial Markets

PickupPal Eco-Rideshare Program

PickupPal Eco-Rideshare Program

Advertising Psychology

Advertising Psychology

Evangelizing Yourself

Evangelizing Yourself

From Paths to Sandboxes

From Paths to Sandboxes

ROI in the age of keyword not provided [Mozinar]

ROI in the age of keyword not provided [Mozinar]

Snapshot of Digital India - March 2014

Snapshot of Digital India - March 2014

Using Social Networks as Job Searching Tools

Using Social Networks as Job Searching Tools

On Digital Transformation - 10 Observations

On Digital Transformation - 10 Observations

Become A Photographer

Become A Photographer

Automotive20

Automotive20

Best Practice For UX Deliverables - Eventhandler, London, 05 March 2014

Best Practice For UX Deliverables - Eventhandler, London, 05 March 2014

Crafting a UX Strategy for Wearables and the Mobile Mainframe

Crafting a UX Strategy for Wearables and the Mobile Mainframe

Ogilvy PR 360 DI Twitter Webinar

Ogilvy PR 360 DI Twitter Webinar

Personal Branding Presentation for HCC

Personal Branding Presentation for HCC

Designing for an Augmented Reality world

Designing for an Augmented Reality world

What is Big Data?

What is Big Data?

The Value of User Experience (from Web 2.0 Expo Berlin 2008)

The Value of User Experience (from Web 2.0 Expo Berlin 2008)

Lean Prototyping - A Practical Guide

Lean Prototyping - A Practical Guide

Big Data - The 5 Vs Everyone Must Know

Big Data - The 5 Vs Everyone Must Know