Cyber Threat Workshops

Know Yourself: Attack Surface Intelligence


In this Cyber Threat Workshop, we will use hands-on exercises with the RiskIQ Illuminate Internet Intelligence Platform to explore:

Graph and Identify Ransomware and Phishing Threats

  • Internet Graphing and History
  • Infrastructure Chaining and Pivoting
  • Adversary-Threat Fingerprinting
  • Associate Threat Systems and Distribution

Adversary-Threat Infrastructure and Third-Party Connections

  • Expand threat search from one to thousands
  • Identify relationships and related infrastructure, including depth indicators from certificates, banners, and NetFlow

Broad Scope, Global Scale Attacks (and Defenses)

  • See where and how threats become entangled with third-party attack surfaces
  • Learn new techniques for attribution, from system to user to threat group
  • Find and eliminate global scale attacks originating with third parties and other digital dependencies

Our team will combine real-world observations of attackers using third-party attacks (global scale, opportunistic attacks) to scam, spam, and phish organizations like yours under the guise of a trusted third party. Examples will include expansion discovery from a single attack source into the ecosystem of third-party attack surfaces entangled with adversary-threat infrastructure.

We will explore the tooling and malicious distribution (sharing) used to propagate ransomware and phishing tools, enabling more scaled attacks and rapid variants accessible to thousands of threat actors and groups.

Hands-on labs and exercises will show how to expose real-life malicious and/or risky applications, hosts, domains, and components from services to silicon—every layer of your exploitable attack surface. In addition to improving your cyber threat skills, you get 2 CPE credits for attending.

WARNING: During this highly sensitive workshop, RiskIQ will share intelligence that has implications for the national security of the United States. As such, RiskIQ will not distribute recordings from this specific cyber threat workshop. You must be present to receive threat intelligence resources, including threat actor tracking via related malicious infrastructure fingerprints.

Attend and Learn:

  • Introduction: Security Intelligence
  • Introduction to ransomware and phishing tools and instrumentation
  • Techniques for third-party infrastructure mapping
  • How to identify ransomware and phishing attacks
  • How to graph connected threats entangled with third-party systems
  • Real-world use cases with hands-on exercises, labs, and investigations
  • Earn 2 CPE Credits

*Certificates for completion are distributed for attending the entire workshop

Agenda

Time | Session
10:00 a.m. | Welcome and Introduction
  • Internet Graphing and History
  • Introduction to RiskIQ Datasets
  • Chaining Infrastructure to Find Relationships
  • Adversary-Threat Infrastructure and Tool Fingerprinting
  • Global Distribution of Ransomware and Phishing Tools
  • Connection Points, Entanglements with Third-Party Systems
Use Cases – Hands-On Exercises and Investigations
  • Using RiskIQ Illuminate, we'll show two paths for threat investigations. First, we will explore an active alert requiring context, triage, and response insights. Second, we will practice strategic threat hunting by pivoting to build artifacts on adversary-threat infrastructure (i.e. one-to-many threat actors).
12:00 p.m. | Wrap up