Cyber Threat Workshop

Using Cyber Threat Intelligence to Map Adversary-Threat Infrastructure


In this Cyber Threat Workshop, we build on what we’ve learned from previous Summer Camp 2021 workshops. Cybercriminals, hacktivists, and even nation-state threats evolve tactics, techniques, and procedures (TTPs) to improve their malicious capabilities. However, sustainable, scalable threat intelligence comes from observing threat infrastructure and behavior, regardless of the threat actor operating it.

Internet Discovery and Attack Surface Graphing

  • Internet Graphing and History
  • Infrastructure Chaining and Pivoting
  • Third-Party Attack Surface Intelligence
  • Expanded Vulnerabilities and Exposures

Enhanced Open Source Intelligence (OSINT) and Threat Insights

  • Curate open-source intelligence relevant to your attack surface
  • Identify enhanced indicators based on infrastructure fingerprinting
  • See where and how threats become entangled with your attack surface
  • Track and expand threats dynamically

Adversary Fingerprinting: APTs and Adversary-Threat Infrastructure

  • Examine context and complexity
  • Unmask threat groups (APTs)
  • Pinpoint threat tooling and sharing among cybercriminals
  • Find and disrupt global-scale attacks and zero-day exploitation

Our team of security experts shows how to combine Attack Surface Intelligence with adversary fingerprinting to connect global internet observations into a single worldwide attack surface: your own assets, the legitimate third parties you depend on, and adversaries together with their tools and systems.

We leverage cyber threat intelligence to map, monitor, track, and mitigate risks from adversary-threat infrastructure. You uncover the entanglements between legitimate, benign attack surfaces and the adversary's own attack surface. With this view, a single threat actor expands into thousands of related observations, because tooling, backdoors, kits, and contracted skills are distributed and shared across actors.
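The pivoting described above, starting from one indicator and chaining through shared infrastructure (resolutions, certificate fingerprints, tracker IDs) while refusing to pivot through heavily shared hubs such as multi-tenant hosting IPs, is shown here as an added example. It is not RiskIQ code or workshop material; the observation set is constructed (RFC 5737 addresses, reserved example domains, made-up certificate and tracker identifiers), and the hub threshold is an assumed tuning value.

```python
from collections import defaultdict, deque

# Constructed, illustrative observations: (subject, relation, object).
# None of these are real telemetry or attributed to any named actor.
OBSERVATIONS = [
    ("update-check.example", "resolves_to", "203.0.113.10"),
    ("203.0.113.10", "serves_cert", "sha1:aa11bb22"),
    ("198.51.100.7", "serves_cert", "sha1:aa11bb22"),      # same cert reused
    ("login-verify.example", "resolves_to", "198.51.100.7"),
    ("login-verify.example", "uses_tracker", "tracker:UA-0000001"),
    ("invoice-portal.example", "uses_tracker", "tracker:UA-0000001"),
    # Historical resolution to a shared hosting IP with many unrelated tenants:
    ("update-check.example", "resolves_to", "192.0.2.50"),
] + [(f"tenant{i}.example", "resolves_to", "192.0.2.50") for i in range(12)]


def build_graph(observations):
    """Undirected adjacency map: every relation is pivotable in both directions."""
    graph = defaultdict(set)
    for subject, _relation, obj in observations:
        graph[subject].add(obj)
        graph[obj].add(subject)
    return graph


def pivot(graph, seed, max_depth=6, max_fanout=5):
    """Breadth-first expansion from a seed indicator.

    Returns (parent, hubs): `parent` maps each reached node to the node it was
    pivoted from (the seed maps to None); `hubs` records nodes whose fan-out
    exceeds max_fanout (assumed threshold) and the node they were seen from.
    Hubs are reported but never expanded, so shared infrastructure does not
    drag unrelated tenants into the adversary's attack surface.
    """
    parent = {seed: None}
    hubs = {}
    queue = deque([(seed, 0)])
    while queue:
        node, depth = queue.popleft()
        if depth >= max_depth:
            continue
        for nxt in sorted(graph[node]):          # sorted for deterministic output
            if nxt in parent or nxt in hubs:
                continue
            if len(graph[nxt]) > max_fanout:
                hubs[nxt] = node                 # entanglement point, not a pivot
                continue
            parent[nxt] = node
            queue.append((nxt, depth + 1))
    return parent, hubs


def chain(parent, node):
    """Provenance for a reached node: the pivot path from the seed to it."""
    path = []
    while node is not None:
        path.append(node)
        node = parent[node]
    return list(reversed(path))


def expanded_indicators(parent, seed):
    """Everything reached by pivoting, excluding the seed itself."""
    return sorted(n for n in parent if n != seed)


if __name__ == "__main__":
    seed = "update-check.example"
    parent, hubs = pivot(build_graph(OBSERVATIONS), seed)
    for node in expanded_indicators(parent, seed):
        print(f"{node:28} via {' -> '.join(chain(parent, node))}")
    for hub, seen_from in hubs.items():
        print(f"skipped hub {hub} (seen from {seen_from}): shared infrastructure")
```

Every expanded indicator carries its pivot chain, so an analyst can see why it was linked and judge each hop; the pruned hub is reported separately because a historical resolution to shared hosting is exactly the kind of entanglement that should be reviewed by hand rather than expanded blindly.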

NOTE: RiskIQ Cyber Threat Intelligence is the world's only continuously updated threat intelligence, drawing on active observations of real-world threats and their evolving infrastructure. Use extreme caution in this workshop: you interact directly with adversary-threat infrastructure against which you may have limited defenses.

Hands-on labs include direct interactions with infrastructure attributed to highly advanced threat actors, including but not limited to APT29, APT33, and Mustang Panda (aka TA416, RedDelta).

Watch and Learn:

  • Introduction: Security Intelligence
  • Techniques for cyber threat analysis and management
  • How to leverage attack surface intelligence for faster threat investigations and response
  • Tools and techniques propagated by threat actors and groups, especially kits and variants
  • Real-world use cases with hands-on exercises, labs, and investigations