“White Hat Anonymity”: Current challenges security researchers face performing actionable OSINT Christopher R. Barber, CISSP, C|EHv7 Threat Analyst Solutionary.


2 “White Hat Anonymity”: Current challenges security researchers face performing actionable OSINT
Christopher R. Barber, CISSP, C|EHv7
Threat Analyst, Solutionary Inc. Security Engineering Research Team (SERT)

3 Introduction
- Member of Solutionary’s Security Engineering Research Team (SERT) specializing in threat intelligence and analysis
- Research and discovery of emerging threats and vulnerabilities
- Use of Open-Source Intelligence Techniques (OSINT) for tracking threat actor activities
- Analysis of threat landscape trends monthly and high level analysis annually

4 Outline Challenges Establishing Anonymity OSINT Tools and Techniques Sources Information Sharing

5 Challenges
- Anonymity Challenges
- Source Information Challenges
- Intelligence Sharing Challenges

6 Anonymity Challenges
- Security policy prohibits the use of 3rd party VPN providers and access to TOR network
- Lack of funds, resources and personnel for the development of secure anonymous channels.

7 Source Information Challenges
- Large volumes of information from a diverse collection of sources
- Being able to discern between valid information and injected disinformation
- Personnel and Resources

8 Intelligence Sharing Challenges
- Conflicts between organizations due to differences in security policies
- Lack of security from collaborating organization leads to pivot point for compromise

9 Establishing Anonymity
- Having an unknown or unacknowledged name
- Having an unknown or withheld authorship or agency
- Having no distinctive character or recognition factor
- Being able to gather information in a manner that does not reveal your personal, professional, or organization's identity

10 Digital Paper Trail: The bread crumbs left as we traverse the cyber domain.
- IP Address
- User Agent
- Cookies
- Behavioral habits

11 Anonymizing Service Providers
- Private Internet Access
- HideMyAss
- BlackVPN
- IVPN
- AirVPN
- TorGuard

12 Anonymizing Virtual Machines
- Whonix
- Tor Middlebox
- Tails VM

13 Whonix

14 Tor Middlebox
- Works as proxy between host machine and VirtualBox
- Routes all VM traffic through Tor proxy on host machine

15 Tails Virtual Machine

16 Open-Source Intelligence
- Collection and analysis of information gathered from publicly available sources
- Sources involve any form of electronic or printed material available in the public domain
- Intelligence is obtained through the statistical analysis of the occurrence and relationships between pieces of information

17 Tools and Techniques for OSINT
- Collection Tools
- Search Engines
- Social Media
- Intelligence sources

18 Collection Tools
- Paterva/Maltego
- Recorded Future

19 Maltego

20 Recorded Future

21 Search Engines
- Google Custom Searches
- iSeek
- Addict-o-matic
- Shodan

22 Google Custom Search

24 iSeek

25 Addict-o-matic

26 Shodan

27 Social Media
- Facebook
- Twitter
- Google+

28 Dump Sites
- Pastebin
- Reddit
- AnonPaste
- PirateBay
- Zone-H
- Pastie

29 Honey Pots and Nets
- Provides automated method for distributed traffic analysis.
- Provides early signs of malware or botnet activities.

30 Intelligence Sources
- Cyber War News
- The Hacker News
- Darkreading.com
- FirstHackNews

31 Shared Intelligence
- Intelligence Sharing Organizations
- Intelligence Assimilation and Sharing Applications

32 Intelligence Sharing Organizations

33 Intelligence Assimilation and Sharing Applications
- Structured Threat Information eXpression (STIX)
- Trusted Automated eXchange of Indicator Information (TAXII)
- Common Attack Pattern Enumeration and Classification (CAPEC)

34 Intelligence in Depth
- Intelligence research and analysis should be practiced with the idea of “defense in depth”.
- Validity and actionable predictions can only be made with the collective analysis of multiple sources.

35
- Solutionary’s 2013 Global Threat Intelligence Report: http://go.solutionary.com/GTIR.html
- Solutionary Minds Blog: http://www.solutionary.com/resource-center/blog/

36 Thank You Questions?

