Published by Nathaniel Poole. Modified over 9 years ago.
“White Hat Anonymity”: Current challenges security researchers face performing actionable OSINT
Christopher R. Barber, CISSP, C|EHv7
Threat Analyst, Solutionary Inc., Security Engineering Research Team (SERT)
Introduction
Member of Solutionary’s Security Engineering Research Team (SERT), specializing in threat intelligence and analysis
Research and discovery of emerging threats and vulnerabilities
Use of open-source intelligence (OSINT) techniques for tracking threat actor activities
Monthly analysis of threat landscape trends, and high-level analysis annually
Outline
Challenges
Establishing Anonymity
OSINT Tools and Techniques
Sources
Information Sharing
Challenges
Anonymity challenges
Source information challenges
Intelligence sharing challenges
Anonymity Challenges
Security policy prohibits the use of third-party VPN providers and access to the Tor network
Lack of funds, resources and personnel for the development of secure anonymous channels
Source Information Challenges
Large volumes of information from a diverse collection of sources
Being able to discern valid information from injected disinformation
Personnel and resources
Intelligence Sharing Challenges
Conflicts between organizations due to differences in security policies
Weak security at a collaborating organization gives an attacker a pivot point for compromise
Establishing Anonymity
Having an unknown or unacknowledged name
Having an unknown or withheld authorship or agency
Having no distinctive character or recognition factor
Being able to gather information in a manner that does not reveal your personal, professional or organizational identity
Digital Paper Trail: the breadcrumbs left as we traverse the cyber domain
IP address
User agent
Cookies
Behavioral habits
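As an added example (not from the deck), the following Python script correlates constructed web-server access-log lines by the identifiers listed above. The log lines, cookie values, User-Agent strings and IP addresses are all invented for the illustration. The point it makes: switching the exit IP between visits does nothing when the session cookie and User-Agent stay the same, and even a fresh cookie and browser profile can be linked to earlier visits through behaviour, here the habit of reading the same forum thread.

```python
import re
from collections import defaultdict

# Constructed sample log (not a real capture): an analyst visits a target forum from two
# different VPN exits with the same browser and session cookie, then returns a day later
# with a fresh cookie and browser profile and reads the same thread again.
LOG_LINES = [
    '198.51.100.7 - - [10/Mar/2013:10:01:02 +0000] "GET /forum HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/17.0" "sid=a1b2c3"',
    '198.51.100.7 - - [10/Mar/2013:10:01:09 +0000] "GET /forum/thread/42 HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/17.0" "sid=a1b2c3"',
    '203.0.113.21 - - [10/Mar/2013:14:30:00 +0000] "GET /forum/thread/42 HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/17.0" "sid=a1b2c3"',
    '192.0.2.99 - - [11/Mar/2013:09:15:44 +0000] "GET /forum/thread/42 HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/25.0" "sid=zz9yy8"',
    '192.0.2.99 - - [11/Mar/2013:09:16:10 +0000] "GET /forum/thread/43 HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/25.0" "sid=zz9yy8"',
]

# Apache "combined" format with one extra quoted field for the session cookie (assumed layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)" "(?P<cookie>[^"]*)"$'
)


def parse_line(line):
    """Parse one log line into a dict of fields; None if the line does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def sessions_by_cookie(lines):
    """Group requests by session cookie and record the IPs, User-Agents and paths seen with it."""
    sessions = defaultdict(lambda: {"ips": set(), "user_agents": set(), "paths": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        s = sessions[rec["cookie"]]
        s["ips"].add(rec["ip"])
        s["user_agents"].add(rec["ua"])
        s["paths"].add(rec["path"])
    return {c: {k: sorted(v) for k, v in s.items()} for c, s in sessions.items()}


def ip_rotation_defeated(lines):
    """Cookies observed from more than one IP: the address changed, the identity did not."""
    return sorted(c for c, s in sessions_by_cookie(lines).items() if len(s["ips"]) > 1)


def shared_paths(lines):
    """Paths requested under more than one cookie: a behavioural link between sessions."""
    seen = defaultdict(set)
    for cookie, s in sessions_by_cookie(lines).items():
        for p in s["paths"]:
            seen[p].add(cookie)
    return sorted(p for p, cookies in seen.items() if len(cookies) > 1)


if __name__ == "__main__":
    for cookie, s in sessions_by_cookie(LOG_LINES).items():
        print(cookie, s)
    print("cookies seen from more than one IP:", ip_rotation_defeated(LOG_LINES))
    print("paths shared across sessions:", shared_paths(LOG_LINES))
```

Run against a real server log the same three views answer the question the slide poses: which of your visits can be tied together, and by which breadcrumb.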
Anonymizing Service Providers
Private Internet Access
HideMyAss
BlackVPN
IVPN
AirVPN
TorGuard
Anonymizing Virtual Machines
Whonix
Tor Middlebox
Tails VM
Whonix
Two VirtualBox machines: a Gateway that forces all traffic through Tor, and a Workstation whose only network path is the Gateway, so an application compromise on the Workstation cannot reveal the real IP address.
Tor Middlebox
Works as a transparent proxy between the host machine and VirtualBox: all VM traffic is routed through the Tor client running on the host.
The host firewall must also drop any VM traffic (DNS included) that is not redirected into Tor; otherwise a misconfigured VM leaks the real address.
Tails Virtual Machine
A live Debian-based system that sends all outbound connections through Tor and blocks everything else. Running it inside a VM is convenient, but the host OS can observe the guest, so the isolation is weaker than booting Tails directly.
Open-Source Intelligence
Collection and analysis of information gathered from publicly available sources
Sources include any form of electronic or printed material available in the public domain
Intelligence is obtained through the statistical analysis of the occurrence of, and relationships between, pieces of information
Tools and Techniques for OSINT
Collection tools
Search engines
Social media
Intelligence sources
Collection Tools
Paterva/Maltego
Recorded Future
Maltego
Recorded Future
Search Engines
Google Custom Search
iSeek
Addict-o-matic
Shodan
Google Custom Search
iSeek
Addict-o-matic
Shodan
Social Media
Facebook
Twitter
Google+
Dump Sites
Pastebin
Reddit
AnonPaste
PirateBay
Zone-H
Pastie
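Dump sites rarely hand over clean indicators: pastes are usually defanged (hxxp, [.]) and mixed with noise, and the text cannot be trusted just because it was posted. The extractor below is an added example, not code from the deck; the paste it runs over is constructed for the illustration (the hosts and addresses are invented, and the two hashes are the well-known MD5 and SHA-256 of the empty string). It refangs the text, pulls out URLs, domains, IPv4 addresses, hashes and e-mail addresses, and rejects impossible addresses.

```python
import re
from urllib.parse import urlparse

# Constructed paste text (not a real dump).
PASTE = """\
Dumped by an unverified actor, 2013-03-10
C2: hxxp://evil-update[.]example[.]com/gate.php
backup: 203[.]0[.]113[.]45:8080
also seen: cdn-static[.]example[.]org
dropper md5 d41d8cd98f00b204e9800998ecf8427e
sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
contact me at throwaway@example.net
"""

# Common defanging conventions seen on paste sites; undo them before matching.
DEFANG = [
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}"), "."),
    (re.compile(r"hxxps://", re.I), "https://"),
    (re.compile(r"hxxp://", re.I), "http://"),
]

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
EMAIL_RE = re.compile(r"\b[\w.+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}\b", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MD5_RE = re.compile(r"\b[a-f0-9]{32}\b", re.I)
SHA256_RE = re.compile(r"\b[a-f0-9]{64}\b", re.I)


def refang(text):
    """Turn defanged indicators back into their usable form."""
    for pat, rep in DEFANG:
        text = pat.sub(rep, text)
    return text


def valid_ipv4(addr):
    """The regex only checks shape; every octet must also be 0..255."""
    return all(0 <= int(o) <= 255 for o in addr.split("."))


def extract_iocs(paste):
    """Extract indicators from free-form paste text, grouped by type, deduplicated and sorted."""
    text = refang(paste)
    urls = URL_RE.findall(text)
    emails = EMAIL_RE.findall(text)
    # Blank out URLs and e-mail addresses before the bare-domain scan, so that path
    # components such as gate.php and mailbox domains are not reported as hosts.
    rest = EMAIL_RE.sub(" ", URL_RE.sub(" ", text))
    domains = set(DOMAIN_RE.findall(rest))
    domains.update(urlparse(u).hostname for u in urls)
    return {
        "urls": sorted(set(urls)),
        "domains": sorted(d for d in domains if d),
        "ipv4": sorted(ip for ip in set(IPV4_RE.findall(rest)) if valid_ipv4(ip)),
        "md5": sorted({h.lower() for h in MD5_RE.findall(rest)}),
        "sha256": sorted({h.lower() for h in SHA256_RE.findall(rest)}),
        "emails": sorted(set(emails)),
    }


if __name__ == "__main__":
    for kind, values in extract_iocs(PASTE).items():
        print(f"{kind}: {values}")
```

Whatever comes out is still a claim made by an anonymous poster; it becomes intelligence only once another source corroborates it, which is the point of the intelligence-in-depth slide later in the deck.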
Honey Pots and Nets
Provide an automated method for distributed traffic analysis
Provide early signs of malware or botnet activity
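Added example, not from the deck: a Python sketch of the distributed analysis a honeynet enables, run over constructed sensor events (sensor names, addresses and times are invented). A single sensor only sees one address knocking; the collective view shows the same address sweeping sensors on three continents within seconds, which is what automated scanning by a bot or worm looks like from the outside.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sensor events: (sensor, UTC time, source IP, destination port). Not real data.
EVENTS = [
    ("hp-us-1", "2013-03-11T02:00:05", "203.0.113.45", 22),
    ("hp-eu-1", "2013-03-11T02:00:09", "203.0.113.45", 22),
    ("hp-ap-1", "2013-03-11T02:00:14", "203.0.113.45", 22),
    ("hp-us-1", "2013-03-11T02:03:00", "198.51.100.9", 80),
    ("hp-us-1", "2013-03-11T02:03:02", "198.51.100.9", 80),
    ("hp-eu-1", "2013-03-11T09:30:00", "203.0.113.45", 3389),
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def spraying_sources(events, min_sensors=3, window_seconds=600):
    """Sources seen by at least `min_sensors` distinct sensors within any `window_seconds` span.

    Returns {source: {"sensors": [...], "ports": [...], "first_seen": iso}} for each hit.
    """
    window = timedelta(seconds=window_seconds)
    by_src = defaultdict(list)
    for sensor, ts, src, port in events:
        by_src[src].append((parse_ts(ts), sensor, port))
    hits = {}
    for src, evs in by_src.items():
        evs.sort()  # time order; the sliding window below relies on it
        start = 0
        for end in range(len(evs)):
            # advance the window start until the span [start, end] fits inside the window
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            sensors = {e[1] for e in span}
            if len(sensors) >= min_sensors:
                hits[src] = {
                    "sensors": sorted(sensors),
                    "ports": sorted({e[2] for e in span}),
                    "first_seen": span[0][0].isoformat(),
                }
                break
    return hits


def port_profile(events):
    """Ports each source touched across the whole net: what is being hunted for."""
    ports = defaultdict(set)
    for _, _, src, port in events:
        ports[src].add(port)
    return {src: sorted(p) for src, p in ports.items()}


if __name__ == "__main__":
    print("sources sweeping the sensor net:", spraying_sources(EVENTS))
    print("port profile:", port_profile(EVENTS))
```

The thresholds (three sensors, ten minutes) are assumptions to tune per deployment; a source hitting one sensor repeatedly is ordinary background noise and is deliberately not flagged.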
Intelligence Sources
Cyber War News
The Hacker News
Darkreading.com
FirstHackNews
Shared Intelligence
Intelligence sharing organizations
Intelligence assimilation and sharing applications
Intelligence Sharing Organizations
Intelligence Assimilation and Sharing Applications
Structured Threat Information eXpression (STIX)
Trusted Automated eXchange of Indicator Information (TAXII)
Common Attack Pattern Enumeration and Classification (CAPEC)
Intelligence in Depth
Intelligence research and analysis should be practiced with the idea of “defense in depth”.
Valid, actionable conclusions can only be drawn from the collective analysis of multiple independent sources.
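The two preceding slides, sharing in STIX and intelligence in depth, come together in one added example (not from the deck): constructed sightings from several sources are merged, only indicators corroborated by at least two independent sources are promoted, and those are emitted as STIX 2.1 indicator objects in a bundle. Source names, addresses and times are invented; the confidence scoring (30 points per independent source, capped at 100) is an assumption for the illustration and not a STIX rule; the deterministic uuid5 ids are a choice made so the output is repeatable, where a real producer would use uuid4. STIX 2.1 postdates the deck, which predates STIX 2; the required fields used here (type, spec_version, id, created, modified, pattern, pattern_type, valid_from) are those of the 2.1 specification.

```python
import json
import uuid
from datetime import datetime, timezone

# Constructed sightings (not real data): source name, indicator type, value, when seen (UTC).
OBSERVATIONS = [
    {"source": "pastebin-monitor", "type": "ipv4-addr", "value": "203.0.113.45", "seen": "2013-03-10T14:02:00Z"},
    {"source": "honeynet-sensor-eu", "type": "ipv4-addr", "value": "203.0.113.45", "seen": "2013-03-11T02:17:00Z"},
    {"source": "partner-feed", "type": "ipv4-addr", "value": "203.0.113.45", "seen": "2013-03-11T09:40:00Z"},
    {"source": "pastebin-monitor", "type": "domain-name", "value": "evil-update.example.com", "seen": "2013-03-10T14:02:00Z"},
    # the same source reporting twice is one source, not corroboration
    {"source": "pastebin-monitor", "type": "domain-name", "value": "evil-update.example.com", "seen": "2013-03-12T08:00:00Z"},
]


def corroborate(observations):
    """Collapse raw sightings into one record per indicator, counting independent sources."""
    merged = {}
    for o in observations:
        key = (o["type"], o["value"])
        rec = merged.setdefault(key, {"sources": set(), "first_seen": o["seen"], "last_seen": o["seen"]})
        rec["sources"].add(o["source"])
        rec["first_seen"] = min(rec["first_seen"], o["seen"])  # ISO-8601 strings sort chronologically
        rec["last_seen"] = max(rec["last_seen"], o["seen"])
    return {k: {**v, "sources": sorted(v["sources"])} for k, v in merged.items()}


def stix_pattern(ioc_type, value):
    """STIX 2.1 comparison expression; backslashes and single quotes inside the literal are escaped."""
    escaped = value.replace("\\", "\\\\").replace("'", "\\'")
    return f"[{ioc_type}:value = '{escaped}']"


def build_indicators(observations, min_sources=2, created=None):
    """Emit a STIX 2.1 indicator for every IOC seen by at least `min_sources` independent sources."""
    created = created or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    indicators = []
    for (ioc_type, value), rec in sorted(corroborate(observations).items()):
        if len(rec["sources"]) < min_sources:
            continue  # single-source sighting: possible disinformation, kept out of the actionable set
        pattern = stix_pattern(ioc_type, value)
        indicators.append({
            "type": "indicator",
            "spec_version": "2.1",
            # uuid5 over the pattern for repeatable ids in this example; real producers use uuid4
            "id": "indicator--" + str(uuid.uuid5(uuid.NAMESPACE_URL, pattern)),
            "created": created,
            "modified": created,
            "name": f"{ioc_type} {value}",
            "description": "Corroborated by: " + ", ".join(rec["sources"]),
            "pattern": pattern,
            "pattern_type": "stix",
            "valid_from": rec["first_seen"],
            # Assumed scoring for the illustration: 30 points per independent source, capped at 100.
            "confidence": min(100, 30 * len(rec["sources"])),
        })
    return indicators


def bundle(objects):
    """Wrap STIX objects in a bundle, the unit a TAXII server hands out."""
    return {"type": "bundle", "id": "bundle--" + str(uuid.uuid4()), "objects": objects}


if __name__ == "__main__":
    print(json.dumps(bundle(build_indicators(OBSERVATIONS)), indent=2))
```

With the default threshold the domain is dropped because both sightings came from the same paste monitor, while the address, seen by a paste monitor, a honeynet sensor and a partner feed, goes out with its source list in the description so the receiving organization can judge the corroboration for itself.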
Solutionary’s 2013 Global Threat Intelligence Report: http://go.solutionary.com/GTIR.html
Solutionary Minds Blog: http://www.solutionary.com/resource-center/blog/
Thank You Questions?