Cyber Threat Workshop

July 15, 2021, 10:00 a.m. PST


Using Cyber Threat Intelligence to Map Adversary-Threat Infrastructure

In this Cyber Threat Workshop, we build on what we’ve learned from previous Summer Camp 2021 workshops. Cybercriminals, hacktivists, and even nation-state threats evolve tactics, techniques, and procedures (TTPs) to improve their malicious capabilities. However, sustainable, scalable threat intelligence comes from observing threat infrastructure and behavior, regardless of the threat actor operating it.

Internet Discovery and Attack Surface Graphing

  • Internet Graphing and History
  • Infrastructure Chaining and Pivoting
  • Third-Party Attack Surface Intelligence
  • Expanded Vulnerabilities and Exposures

Enhanced Open Source Intelligence (OSINT) and Threat Insights

  • Curate open-source intelligence relevant to your attack surface
  • Identify enhanced indicators based on infrastructure fingerprinting
  • See where and how threats become entangled with your attack surface
  • Track and expand threats dynamically

Adversary Fingerprinting: APTs and Adversary-Threat Infrastructure

  • Examine context and complexity
  • Unmask threat groups (APTs)
  • Pinpoint threat tooling and sharing among cybercriminals
  • Find and eliminate global scale attacks and zero-day vulnerabilities

Our team of security experts will show how to use Attack Surface Intelligence combined with adversary fingerprinting to connect global internet observations into a single worldwide attack surface: one that includes you, other legitimate third parties, and adversaries together with their tools and systems.

We will leverage cyber threat intelligence to map, monitor, track, and mitigate risks from adversary-threat infrastructure. You will uncover entanglements between legitimate, benign attack surfaces and the adversary’s unique attack surface. With this view, we’ll expand one threat actor into thousands by following how capabilities are distributed and shared (e.g., tooling, backdoors, kits, and contracted skills).

NOTE: RiskIQ Cyber Threat Intelligence is the world’s only continuously updated threat intelligence, drawing from active observations of real-world threats and their evolving infrastructure. We advise participants to use extreme caution in this workshop, as you directly interact with adversary-threat infrastructure for which you may have limited defense.

Hands-on labs will include direct interactions with infrastructure attributed to highly advanced threat actors, including but not limited to APT29, APT33, and MustangPanda (aka TA416, RedDelta). In addition to improving your cyber threat skills, you get 2 CPE credits for attending.

Attend and Learn:

  • Introduction: Security Intelligence
  • Techniques for cyber threat analysis and management
  • How to leverage attack surface intelligence for faster threat investigations and response
  • Tools and techniques propagated by threat actors and groups, especially kits and variants
  • Real-world use cases with hands-on exercises, labs, and investigations
  • Earn 2 CPE Credits

*Certificates of completion are issued to participants who attend the entire workshop.

Agenda

Time          Session
10:00 a.m.    Welcome and Introduction
                • Internet Graphing and History
                • Introduction to RiskIQ Datasets
                • Chaining Infrastructure to Find Relationships
                • Attack Surface Intelligence
                • Adversary-Threat Infrastructure and Fingerprinting
                • Automate Cyber Threat Intelligence for Elastic Defense
              Use Cases – Hands-On Exercises and Investigations
                • Using RiskIQ Illuminate, we'll show two paths for threat investigations. First, we will explore an active alert requiring context, triage, and response insights. Second, we will practice strategic threat hunting by pivoting to build artifacts on adversaries and/or infrastructure of interest.
12:00 p.m.    Wrap up