0.00
0 читателей, 4798 топиков

Using Open Tools to Convert Threat Intelligence into Practical Defenses: Threat Hunting Summit 2016


Threat actors are not magic and there is not an unlimited, unique list of threats for every organization. Enterprises face similar threats from similar threat sources and threat actors – so why does every organization need to perform completely unique risk assessments and prioritized control decisions? This presentation will show how specific, community-driven threat models can be used to prioritize an organization’s defenses – without all the confusion. In this
presentation James Tarala will present a new, open, community-driven threat model that can be used by any industry to evaluate the risk that faces them. Then he will show how to practically
use this model to prioritize enterprise defense and map to existing compliance requirements facing organizations today. Whether you are in the Department of Defense or work for a small mom-and-pop retailer, you will be able to use this model to specifically determine a prioritized defense for your organization.

James Tarala, Principal Consultant, Enclave Security; Senior Instructor, SANS Institute

James Tarala is a principal consultant with Enclave Security and is based out of Venice, Florida. He is a regular speaker and senior instructor with the SANS Institute as well as a courseware author and editor for many SANS auditing and security courses. As a consultant, he has spent the past few years architecting large enterprise IT security and infrastructure architectures, specifically working with many Microsoft-based directory services, e-mail, terminal services, and wireless technologies. He has also spent a large amount of time consulting with organizations to assist them in their security management, operational practices, and regulatory compliance issues, and he often performs independent security audits and assists internal audit groups in developing their internal audit programs. James completed his undergraduate studies at Philadelphia Biblical University and his graduate work at the University of Maryland. He holds numerous professional certifications.

ATTEND THE 2017 THREAT HUNTING SUMMIT: dfir.to/ThreatHunting2017

SANS THREAT HUNTING AND INCIDENT RESPONSE COURSES
FOR508: Digital Forensics, Incident Response,

How to Use and Create Threat Intelligence in an Office 365 World - SANS CTI Summit 2019


Everyone is moving to the cloud, specifically Microsoft Cloud. Microsoft expects to have 66 percent of its Office business customers in the cloud by 2019. Doing so makes sense: it’s easier than having on-premises mail servers, it (theoretically) reduces costs, and Microsoft Office 365 has one of the best security teams in the world. However, there is a downside, which is that it’s hard to protect what you can’t see or access. As of today, it is extremely difficult (or impossible, depending on your subscription level) to apply your externally created threat intelligence into Microsoft Office 365 detections. It is even more frustrating to try and search for known indicators on a platform that is not designed to help the security community.

This talk will describe methods and release open-source code to enhance your Office 365 security by analyzing email metadata, attachments, and even full content with tools like stoQ or LaikaBOSS and by looking at how to use that information to research and create actionable threat intelligence via platforms like Splunk.

Dave Herrald (@daveherrald), Staff Security Strategist, Splunk
Ryan Kovar (@meansec), Principal Security Strategist, Splunk

Insights from NSA’s Cybersecurity Threat Operations Center


Dave Hogue, Technical Director, National Security Agency (NSA)

Dave Hogue will provide one of the first in-depth perspectives from a “Day in the Life” of NSA’s Cybersecurity Threat Operations Center (NCTOC)—the mission, threat landscape, and offer best principles for CISOs and other network defenders. Mr. Hogue will equip the audience with actionable insights that they can implement into their daily operations.

Learning Objectives:
1: Gain exclusive insights into top cyberthreats from NSA’s perspective.
2: Learn actionable best practices to use in building an effective cyber-defense posture.
3: Learn about what’s working and what’s not in emerging areas such as machine learning.

www.rsaconference.com/events/us18

Find Information from a Phone Number Using OSINT Tools [Tutorial]


Earn $$. Learn What You Need to Get Certified (90% Off): nulb.app/cwlshop

How to Run an OSINT Investigation on a Phone Number
Full Tutorial: bit.ly/PhoneOSINT
Subscribe to Null Byte: goo.gl/J6wEnH
Kodys Twitter: twitter.com/KodyKinzie

IMPORTANT (JUNE 6, 2019): The OSINT Tools by Mike Bazzel featured in this guide were taken down from his website due to increased DDoS-style attacks, as well as DMCAs and cease-and-desists from some of the tools included. Phoneinfoga will still work in this guide, but for the others, you can try using each companys individual tool instead. You can see how it used to work, however, in this video and on null-byte.com.

When running an OSINT investigation, a phone number can prove to be extremely useful in gathering information about a target. On this episode of Cyber Weapons Lab, well explore a couple tools you can use to extract information from a phone number. First, theres the command-line tool called Phoneinfoga, then theres the web app tool on the IntelTechniques website.

Follow Null Byte on:
Twitter: twitter.com/nullbytewht
Flipboard: flip.it/3.Gf_0
Weekly newsletter: eepurl.com/dE3Ovb

How to Track Airplanes and Filtered Aircraft (Jeff Bezos, Floyd Mayweather and Dan Bilzerian)


In this video I go over the basics of tracking airplanes using Open Source tools and how to view filtered aircraft. While ADS-B Exchanges flight data is temporarily down, you can still view limited traces of flights. Apologies for not getting into the LLC portion I mentioned in the beginning, I believe that deserves a video in itself.

Join the Discord! discord.com/invite/nS58AdW
Buy me a Coffee: www.buymeacoffee.com/codybernardy

Links in video:
flightradar24.com
flightaware.com
adsbexchange.com
globe.adsbexchange.com
registry.faa.gov/AircraftInquiry/Search/

Moving Past Just Googling It: Harvesting and Using OSINT | SANS@MIC Talk


Every single day we use search engines to look for things on the internet. Defenders research a domain or IP that contains malware. Attackers look for email addresses for an upcoming phishing campaign. DFIR people examine locations and usernames that they acquired from a subjects computer. Policy and compliance people examine the risk that employees in their organizations might bring to work. Recruiters scour the internet looking for candidates. And «normal people» shop, date, geolocate, post, tweet, and otherwise send a huge amount of data to the public internet. While search engines harvest, store, and index billions of web site data points every day, there is much they do not contain. These pieces of OSINT data can, when put in perspective and analyzed, reveal target geolocations, friends and associates, alcohol consumption, user passwords, and more. This talk will be a series of hands on, live demos where we put our OSINT skills to work in unconventional places to harvest this unindexed OSINT data. Using free web sites, built in web browser tools, and free python scripts, Micah will show attendees how to harvest data from social media applications, the «whois» system, and from breach data that will not appear in search engine results. Students will gain a better understanding of JSON, APIs, reverse whois, and how to run python tools. Come join Micah as he examines how to move beyond «Googling it» in your personal and professional lives.

Speaker Bio
Micah Hoffman has been active in the information technology field since 1998, working with federal government, commercial, and internal customers to discover and quantify cybersecurity weaknesses within their organizations. As a highly active member of the cybersecurity and OSINT communities, Micah uses his real-world Open-Source Intelligence (OSINT), penetration testing, and incident response experience to provide customized solutions to his customers and comprehensive instruction to his students.

Over the years, Micah has conducted cyber-related tasks like penetration testing, OSINT investigations, APT hunting, and risk assessments for government, internal, and commercial customers. Micahs SANS coursework, cybersecurity expertise, and inherent love of teaching eventually pulled him toward an instructional role, and hes been a SANS Certified Instructor since 2013. Hes the author of the SANS course SEC487: Open Source Intelligence Gathering and Analysis, and also teaches both SEC542: Web App Penetration Testing and Ethical Hacking and SEC567: Social Engineering for Penetration Testers.

Open Source Intelligence 101


From Wild West Hackin Fest 2018 in Deadwood, SD.
Presenter: April C. Wright

April C. Wright is a hacker, writer, teacher, and community leader with over 25 years of breaking, making, fixing, and defending global critical communications and connections. She is an international speaker and trainer, educating others about personal privacy and information security with the goal of safeguarding the digital components we rely on every day. A security specialist for a Fortune 15 company and an OReilly author, April has held roles on offensive, defensive, operational, and development teams throughout her career, and been a speaker and contributor at numerous security conferences including BlackHat, DEF CON, DerbyCon, Hack in Paris, DefCamp, ITWeb, as well as for the US Government and industry organizations such as OWASP and ISSA. She has started multiple small businesses including a non-profit, is a member of the DEF CON Groups Core Team, and in 2017 she co-founded the Boston DEF CON Group DC617.

Follow Wild West Hackin Fest on Twitter here: twitter.com/wwhackinfest

Website

Aaron Jones: Introduction to Shodan


Aaron Jones presented «Introduction To Shodan» at the Phoenix Linux Users Groups security meeting on July 19th 2018

Introduction To Shodan is designed to provide an overview of the search engine for finding devices connected to the internet. Shodan is a security researcher tool that works by scanning the entire internet, locating and parsing banners, and then returning this information to the user. Shodan is an excellent tool to familiarize yourself with if you do not have the infrastructure or tools necessary to run masscan yourself. Shodan is useful in the target selection phase of an operation.

Follow along at:
retro64xyz.gitlab.io/presentations/2018/07/07/introduction-to-shodan/

About Aaron:
Aaron is an experienced Linux user with several years of teaching experience. He works in the industry as a software developer while also providing consultancy on cyber security related topics. His discussions are AZ Post certified for training credit for law enforcement and he prides himself on providing quality educational material that is relevant and topical. He has a Masters Degree in Intelligence Analysis with a focus in Cyber Security, is a life long learner, and prides himself on staying up to date with the ever changing field of cyber security.

If you like what you see here and live in the Phoenix, Arizona area, the Phoenix Linux Users Group meets several times a month. Please visit PhxLinux.org for meeting times and locations then come see the presentations live and uncut.