“White Hat Anonymity”: Current challenges security researchers face performing
actionable OSINT
Christopher R. Barber, CISSP, C|EHv7, Threat Analyst, Solutionary Inc.
Security Engineering Research Team (SERT)
Introduction
• Member of Solutionary’s Security Engineering Research Team (SERT) specializing in threat intelligence and analysis
• Research and discovery of emerging threats and vulnerabilities
• Use of Open-Source Intelligence (OSINT) techniques for tracking threat actor activities
• Monthly analysis of threat landscape trends and high-level analysis annually
Outline
• Challenges
• Establishing Anonymity
• OSINT Tools and Techniques
• Sources
• Information Sharing
Challenges
• Anonymity Challenges
• Source Information Challenges
• Intelligence Sharing Challenges
Anonymity Challenges
• Security policy prohibits the use of third-party VPN providers and access to the Tor network
• Lack of funds, resources and personnel for the development of secure anonymous channels
Source Information Challenges
• Large volumes of information from a diverse collection of sources
• Being able to discern between valid information and injected disinformation
• Personnel and Resources
Intelligence Sharing Challenges
• Conflicts between organizations due to differences in security policies
• Lack of security at a collaborating organization becomes a pivot point for compromise
Establishing Anonymity
• Having an unknown or unacknowledged name
• Having an unknown or withheld authorship or agency
• Having no distinctive character or recognition factor
• Being able to gather information in a manner that does not reveal your personal, professional, or organization's identity
Digital Paper Trail: The bread crumbs left as we traverse the cyber domain.
• IP Address
• User Agent
• Cookies
• Behavioral habits
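As an added example (not from the slides), constructed web-server log lines show how these breadcrumbs let a site operator link a researcher's sessions: a VPN hop changes the IP address but the session cookie persists, and clearing cookies does not help while the IP stays the same. The log format, IP addresses and cookie names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log lines in combined format with a trailing cookie
# field; IPs are from documentation ranges and are not real hosts.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jun/2013:10:00:01 +0000] "GET /forum/thread/42 HTTP/1.1" 200 5120 "Mozilla/5.0 (X11; Linux x86_64) Firefox/17.0" "sid=a1b2c3"
203.0.113.9 - - [01/Jun/2013:10:05:44 +0000] "GET /forum/thread/42 HTTP/1.1" 200 5120 "Mozilla/5.0 (X11; Linux x86_64) Firefox/17.0" "sid=a1b2c3"
203.0.113.9 - - [01/Jun/2013:10:06:10 +0000] "GET /forum/user/admin HTTP/1.1" 200 2048 "Mozilla/5.0 (X11; Linux x86_64) Firefox/17.0" "-"
192.0.2.55 - - [01/Jun/2013:11:30:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "Mozilla/5.0 (Windows NT 6.1) Chrome/27.0" "sid=zz99"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" \d+ \d+ '
    r'"(?P<ua>[^"]*)" "(?P<cookie>[^"]*)"$')

def parse_log(text):
    """Return a dict (ip, ts, req, ua, cookie) for each line that matches."""
    return [m.groupdict() for m in map(LOG_RE.match, text.splitlines()) if m]

def link_visits(entries, link_on=("ip", "cookie")):
    """Group visits that share any linking breadcrumb, transitively.
    "-" or "" means the field is absent and never links anything.
    Returns a list of clusters, each a sorted list of entry indexes."""
    parent = list(range(len(entries)))

    def find(i):                      # union-find root lookup with path halving
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    first_seen = {}                   # (field, value) -> index of first visit with it
    for i, e in enumerate(entries):
        for field in link_on:
            value = e[field]
            if value in ("-", ""):
                continue
            key = (field, value)
            if key in first_seen:
                parent[find(i)] = find(first_seen[key])   # merge the two clusters
            else:
                first_seen[key] = i
    clusters = defaultdict(list)
    for i in range(len(entries)):
        clusters[find(i)].append(i)
    return sorted(clusters.values())

def cluster_summary(entries, cluster):
    """Distinct breadcrumbs the site operator now holds for one linked visitor."""
    return {f: sorted({entries[i][f] for i in cluster}) for f in ("ip", "ua", "cookie")}
```

Running `link_visits(parse_log(SAMPLE_LOG))` groups the first three visits as one visitor despite the IP change and the cleared cookie, leaving only the fourth visit unlinked.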
Anonymizing Service Providers
• Private Internet Access
• HideMyAss
• BlackVPN
• IVPN
• AirVPN
• TorGuard
Anonymizing Virtual Machines
• Whonix
• Tor Middlebox
• Tails VM
Whonix
Tor Middlebox
• Works as a proxy between the host machine and VirtualBox
• Routes all VM traffic through the Tor proxy on the host machine
Tails Virtual Machine
Open-Source Intelligence
• Collection and analysis of information gathered from publicly available sources
• Sources involve any form of electronic or printed material available in the public domain
• Intelligence is obtained through the statistical analysis of the occurrence and relationships between pieces of information
Tools and Techniques for OSINT
• Collection Tools
• Search Engines
• Social Media
• Intelligence sources
Collection Tools
• Paterva/Maltego
• Recorded Future
Maltego
Recorded Future
Search Engines
• Google Custom Searches
• iSeek
• Addict-o-matic
• Shodan
Google Custom Search
iSeek
Addict-o-matic
Shodan
Social Media
• Google+
Dump Sites
• Pastebin
• Reddit
• AnonPaste
• PirateBay
• Zone-H
• Pastie
Honeypots and Honeynets
• Provide an automated method for distributed traffic analysis
• Provide early signs of malware or botnet activity
Intelligence Sources
• Cyber War News
• The Hacker News
• Darkreading.com
• FirstHackNews
Shared Intelligence
• Intelligence Sharing Organizations
• Intelligence Assimilation and Sharing Applications
Intelligence Sharing Organizations
Intelligence Assimilation and Sharing Applications
• Structured Threat Information eXpression (STIX)
• Trusted Automated eXchange of Indicator Information (TAXII)
• Common Attack Pattern Enumeration and Classification (CAPEC)
Intelligence in Depth
• Intelligence research and analysis should be practiced with the idea of “defense in depth”
• Valid, actionable predictions can only be made through the collective analysis of multiple sources
Solutionary’s 2013 Global Threat Intelligence Report
http://go.solutionary.com/GTIR.html
Solutionary Minds Blog: http://www.solutionary.com/resource-center/blog/
Thank You
Questions?