
“White Hat Anonymity”: Current challenges security researchers face performing actionable OSINT

“White Hat Anonymity”: Current challenges security researchers face performing actionable OSINT. Christopher R. Barber, CISSP, C|EHv7 Threat Analyst, Solutionary Inc. Security Engineering Research Team (SERT). Introduction.


Presentation Transcript


  1. “White Hat Anonymity”: Current challenges security researchers face performing actionable OSINT Christopher R. Barber, CISSP, C|EHv7 Threat Analyst Solutionary Inc. Security Engineering Research Team (SERT)

  2. Introduction • Member of Solutionary’s Security Engineering Research Team (SERT) specializing in threat intelligence and analysis • Research and discovery of emerging threats and vulnerabilities • Use of Open-Source Intelligence Techniques (OSINT) for tracking threat actor activities • Analysis of threat landscape trends monthly and high-level analysis annually

  3. Outline • Challenges • Establishing Anonymity • OSINT Tools and Techniques • Sources • Information Sharing

  4. Challenges • Anonymity Challenges • Source Information Challenges • Intelligence Sharing Challenges

  5. Anonymity Challenges • Security policy prohibits the use of third-party VPN providers and access to the Tor network • Lack of funds, resources and personnel for the development of secure anonymous channels

  6. Source Information Challenges • Large volumes of information from a diverse collection of sources • Being able to discern between valid information and injected disinformation • Personnel and Resources

  7. Intelligence Sharing Challenges • Conflicts between organizations due to differences in security policies • Lack of security from collaborating organization leads to pivot point for compromise

  8. Establishing Anonymity • Having an unknown or unacknowledged name • Having an unknown or withheld authorship or agency • Having no distinctive character or recognition factor • Being able to gather information in a manner that does not reveal your personal, professional, or organization’s identity

  9. Digital Paper Trail: The bread crumbs left as we traverse the cyber domain. • IP Address • User Agent • Cookies • Behavioral habits

  10. Anonymizing Service Providers • Private Internet Access • HideMyAss • BlackVPN • IVPN • AirVPN • TorGuard

  11. Anonymizing Virtual Machines • Whonix • Tor Middlebox • Tails VM

  12. Whonix

  13. Tor Middlebox • Works as a proxy between the host machine and VirtualBox • Routes all VM traffic through the Tor proxy on the host machine

  14. Tails Virtual Machine

  15. Open-Source Intelligence • Collection and analysis of information gathered from publicly available sources • Sources involve any form of electronic or printed material available in the public domain • Intelligence is obtained through the statistical analysis of the occurrence and relationships between pieces of information

  16. Tools and Techniques for OSINT • Collection Tools • Search Engines • Social Media • Intelligence sources

  17. Collection Tools • Paterva/Maltego • Recorded Future

  18. Maltego

  19. Recorded Future

  20. Search Engines • Google Custom Searches • iSeek • Addict-o-matic • Shodan

  21. Google Custom Search

  22. Google Custom Search

  23. iSeek

  24. Addict-o-matic

  25. Shodan

  26. Social Media • Facebook • Twitter • Google+

  27. Dump Sites • Pastebin • Reddit • AnonPaste • PirateBay • Zone-H • Pastie

  28. Honeypots and Honeynets • Provide an automated method for distributed traffic analysis • Provide early signs of malware or botnet activity

  29. Intelligence Sources • Cyber War News • The Hacker News • Darkreading.com • FirstHackNews

  30. Shared Intelligence • Intelligence Sharing Organizations • Intelligence Assimilation and Sharing Applications

  31. Intelligence Sharing Organizations

  32. Intelligence Assimilation and Sharing Applications • Structured Threat Information eXpression (STIX) • Trusted Automated eXchange of Indicator Information (TAXII) • Common Attack Pattern Enumeration and Classification (CAPEC)
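To make the STIX item on this slide concrete, here is an added example (not from the presentation) that builds a minimal STIX Indicator and Bundle and checks the fields a receiving organization would expect. It assumes the JSON-based STIX 2.1 serialization, which postdates the deck; the indicator value is constructed.

```python
"""Build and sanity-check a minimal STIX 2.1 Indicator + Bundle (stdlib only).

Added example, not from the presentation. Assumes STIX 2.1 JSON; the C2
address in the pattern is a constructed sample value.
"""
import json
import re
import uuid
from datetime import datetime, timezone

# STIX identifiers are "<type>--<uuid>"; the type prefix must match the object type.
UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")

# Required properties for the object types this example handles.
REQUIRED = {"indicator": ("type", "spec_version", "id", "created", "modified",
                          "pattern", "pattern_type", "valid_from")}

def make_indicator(name, pattern, created=None):
    """Return a STIX 2.1 Indicator SDO as a dict with the required fields."""
    # STIX timestamps are RFC 3339 in UTC with millisecond precision.
    ts = created or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    return {"type": "indicator", "spec_version": "2.1",
            "id": f"indicator--{uuid.uuid4()}", "created": ts, "modified": ts,
            "name": name, "pattern": pattern, "pattern_type": "stix",
            "valid_from": ts}

def make_bundle(objects):
    """Wrap SDOs in a Bundle, the unit TAXII clients exchange."""
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}

def check_object(obj):
    """Return a list of problems; an empty list means the object passes."""
    problems = []
    t = obj.get("type", "")
    for field in REQUIRED.get(t, ("type", "id")):
        if field not in obj:
            problems.append(f"missing {field}")
    prefix, _, tail = obj.get("id", "").partition("--")
    if prefix != t or not UUID_RE.match(tail):
        problems.append("malformed id")
    if t == "indicator" and not str(obj.get("pattern", "")).startswith("["):
        problems.append("pattern should be a bracketed STIX pattern")
    return problems

if __name__ == "__main__":
    ind = make_indicator("Constructed C2 address",
                         "[ipv4-addr:value = '198.51.100.7']")
    print(json.dumps(make_bundle([ind]), indent=2))
    print("problems:", check_object(ind))
```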

  33. Intelligence in Depth • Intelligence research and analysis should be practiced with the idea of “defense in depth” • Valid and actionable predictions can only be made with the collective analysis of multiple sources
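Slides 6, 15 and 33 together describe the same analytic step: count how many independent sources report an indicator and how often indicators co-occur, so single-source claims (possible injected disinformation) are kept apart from corroborated, actionable ones. The following is an added example, not the author's code; the source reports and indicator values are constructed.

```python
"""Cross-source corroboration of OSINT indicators (added example).

Scores each indicator by the number of independent sources reporting it and
counts indicator co-occurrence across sources. All reports are constructed.
"""
from collections import defaultdict
from itertools import combinations

# Constructed sample: source name -> set of indicators that source reports.
REPORTS = {
    "pastebin-dump-1": {"198.51.100.7", "evil-c2.example", "badactor42", "decoy.example"},
    "honeynet-sensor": {"198.51.100.7", "evil-c2.example"},
    "forum-post":      {"198.51.100.7", "badactor42"},
    "news-article":    {"evil-c2.example"},
    "anon-tip":        {"203.0.113.9"},   # single, unverified source
}

def corroboration(reports):
    """Map each indicator to the sorted list of sources reporting it."""
    seen = defaultdict(set)
    for source, indicators in reports.items():
        for ind in indicators:
            seen[ind].add(source)
    return {ind: sorted(srcs) for ind, srcs in seen.items()}

def actionable(reports, min_sources=2):
    """Indicators reported by at least `min_sources` independent sources."""
    return sorted(ind for ind, srcs in corroboration(reports).items()
                  if len(srcs) >= min_sources)

def single_source(reports):
    """Indicators seen in exactly one source: treat as unverified."""
    return sorted(ind for ind, srcs in corroboration(reports).items()
                  if len(srcs) == 1)

def cooccurrence(reports):
    """Count how often two indicators appear together in one source; repeated
    pairing is the 'relationship between pieces of information' of slide 15."""
    pairs = defaultdict(int)
    for indicators in reports.values():
        for a, b in combinations(sorted(indicators), 2):
            pairs[(a, b)] += 1
    return dict(pairs)

if __name__ == "__main__":
    for ind, srcs in sorted(corroboration(REPORTS).items()):
        print(f"{ind:18} {len(srcs)} source(s): {', '.join(srcs)}")
    print("actionable:", actionable(REPORTS))
    print("unverified:", single_source(REPORTS))
```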

  34. Solutionary’s 2013 Global Threat Intelligence Report http://go.solutionary.com/GTIR.html Solutionary Minds Blog http://www.solutionary.com/resource-center/blog/

  35. Thank You. Questions?
