A Practical Case of Threat Intelligence – From IoC to Unraveling an Attacker Infrastructure

preview_player
Показать описание
SANS Cyber Threat Intelligence Summit 2023

Luna Moth: A Practical Case of Threat Intelligence – From IoC to Unraveling an Attacker Infrastructure
Oren Biderman, Senior Incident Response & Threat Hunting Expert, Sygnia
Noam Lifshitz, Incident Response Team Leader, Sygnia

Pivoting, or being able to move between indicators of compromise and up David Bianco's Pyramid of Pain to uncover the threat actor's tactics, techniques and procedures (TTPs) is a common practice in Cyber threat intelligence (CTI) operations. However, it is sometimes regarded more as a black art than a science. In this talk we will discuss a threat group dubbed "Luna Moth" that leverages call-back phishing techniques, as a case study to walk you through the process of leveraging indicators of compromise identified while responding to several security breaches to uncover the threat actor's infrastructure. The talk will include: 1. An overview of several breaches we investigated focusing on the attacker's modus operandi. 2. A breakdown of two techniques which were used to pivot between IOCs to uncover and track the threat actor infrastructure. 3. Example of employing automation to continuously monitor the threat actor's infrastructure.

  1. SANS Digital Forensics and Incident Response
  2. digital forensics
  3. incident response
  4. threat hunting
  5. cyber threat intelligence
  6. dfir training
Рекомендации по теме
A Practical Case 0:23:49

A Practical Case of Threat Intelligence – From IoC to Unraveling an Attacker Infrastructure

Cybersecurity Threat Hunting 0:06:51

Cybersecurity Threat Hunting Explained

How To Threat 0:06:01

How To Threat hunt Like A Pro: The Easy Way

Using Open Tools 0:37:46

Using Open Tools to Convert Threat Intelligence into Practical Defenses: Threat Hunting Summit

Practical Threat Hunting 0:30:21

Practical Threat Hunting With Machine Learning

Cybersecurity Expert Demonstrates 0:03:27

Cybersecurity Expert Demonstrates How Hackers Easily Gain Access To Sensitive Information

Hunting Threat Actors 0:39:39

Hunting Threat Actors Using OSINT

Scientists Reveal How 0:21:34

Scientists Reveal How a Zombie Apocalypse Could Actually Happen

Tomorrow’s Threats, Today’s 0:59:40

Tomorrow’s Threats, Today’s Priorities: Setting the EU’s Defence Strategy

Network Intrusion Detection 0:11:23

Network Intrusion Detection Systems (SNORT)

Master the Art 0:02:56

Master the Art of Threat Modeling: Become a Certified Expert Today! | Practical DevSecOps |

A Tale of 0:33:44

A Tale of Two Hunters: Practical Approaches for Building a Threat Hunting Program

Intelligent Hunting: Using 0:22:22

Intelligent Hunting: Using Threat Intelligence to Guide Your Hunts - SANS CTI Summit 2018

Threat Modeling Explained| 1:15:22

Threat Modeling Explained| How to implement threat modeling| Pros and Cons of Threat Modeling Method

Using Suricata to 0:27:52

Using Suricata to Perform Practical Industrial Control System (ICS) Threat Hunting

STRIDE Threat Modeling 0:21:49

STRIDE Threat Modeling for Beginners - In 20 Minutes

Exabeam Use Case: 0:02:40

Exabeam Use Case: External Threats

Section 15 - 0:11:55

Section 15 - Practical Use Cases - Lecture 8: Working with Threat Intelligence

Threat Hunting using 0:13:04

Threat Hunting using SIEM

Use Case 11 0:08:03

Use Case 11 Threat Hunting

Practical Urban Self 0:00:54

Practical Urban Self Defense/Technique a Week/Knife Threat to Chest, Version 1

STRIDE Threat Modeling 0:12:26

STRIDE Threat Modeling using Microsoft Threat Modeling Tool

MITRE ATT&CK framework 0:27:28

MITRE ATT&CK framework and THREAT HUNTING scenarios

Unveiling Threats: Harness 0:07:18

Unveiling Threats: Harness Power of Attack Trees for Effective Security Analysis | Threat Modeling

Комментарии
Автор

That's very interesting. Thank you very much.

the-baker