Cyber Threat Workshop

Adversary-Threat Infrastructure


Threat Actor Profiles and Tools

We continue our Summer Camp Series by learning how to identify common threat actors and malicious tools used in global-scale cyber attacks.

Moment by moment the internet changes. Infrastructure, apps, pages, attackers, services, third parties—and everything else on the web are dynamic. As a result, the enterprise attack surface becomes elastic, continuously evolving. Meanwhile, cybercriminals, hacktivists, and even nation-state threats all remake their tactics, techniques, and procedures (TTPs) to improve malicious capabilities. All of this combines to create hidden risk. Every enterprise gets entangled with threats and adversary-threat infrastructure anywhere, everywhere, all the time. Sustainable, durable digital protection comes from fingerprinting malicious tools and adversary infrastructure to defend against threats today and threats yet to be deployed.

Our experts demonstrate how to identify cyber threats relevant to your unique attack surface (digital footprint) and pinpoint threats entangled with your digital presence—kits, C2 servers, remote access trojans (RATs), and malicious associations and alliances, including threat tools shared among thousands of threat actors.

Internet Discovery and Attack Surface Graphing

  • Internet Graphing and History
  • Infrastructure Chaining and Pivoting
  • Third-Party Attack Surface Intelligence
  • Expanded Vulnerabilities and Exposures

Adversary-Threat Infrastructure and Activity

  • Expand threat search from one to thousands
  • Identify relationships and related infrastructure, including depth indicators from certificates, banners, and NetFlow

Threat Tools: From One to Many

  • See where and how threats become entangled with your attack surface
  • Learn new techniques for attribution, from system to user to threat group
  • Find and eliminate global-scale attacks and zero-day vulnerabilities for you, third parties, and other digital dependencies

Our team of security experts shows how to leverage Cyber Threat Intelligence and Adversary-Threat Infrastructure Tracking by combining sub-host components with real-world observation of attackers using shared malicious systems. Examples will include global visibility tracking for SolarWinds' latest critical vulnerabilities, remote access trojans (RATs), and mobile malware used to infiltrate legitimate apps and app stores.

We explore tooling and malicious distribution (sharing) between threat groups and APTs, and their presence within your attack surface, including Axiom (CN), APT15 (CN), APT29 (RU), and APT33 (Iran), among other threat groups.

Hands-on labs and exercises show how to expose real-life malicious and risky applications, hosts, domains, and components from services to silicon—every layer of your exploitable attack surface.

Watch and Learn:

  • Introduction: Security Intelligence
  • Techniques for adversary-threat fingerprinting
  • How to identify connected threat systems and infrastructure
  • Tooling, instrumentation, and usage among many threat actors and groups
  • Real-world use cases with hands-on exercises, labs, and investigations