Cyber Threat Workshop

July 29, 2021, 10:00 a.m. PST

background image

Adversary-Threat Infrastructure: Threat Actor Profiles and Tools

We will continue our Summer Camp Series by learning how to identify common threat actors and malicious tools used in global-scale cyber attacks.

Moment by moment the internet changes. Infrastructure, apps, pages, attackers, services, third parties—and everything else on the web are dynamic. As a result, the enterprise attack surface becomes elastic, continuously evolving. Meanwhile, cybercriminals, hacktivists, and even nation-state threats all remake their tactics, techniques, and procedures (TTPs) to improve malicious capabilities. All of this combines to create hidden risk. Every enterprise gets entangled with threats and adversary-threat infrastructure anywhere, everywhere, all the time. Sustainable, durable digital protection comes from fingerprinting malicious tools and adversary infrastructure to defend against threats today and threats yet to be deployed.

Our experts will demonstrate how to identify cyber threats relevant to your unique attack surface (digital footprint) and pinpoint threats entangled with your digital presence—kits, C2 servers, remote access trojans (RATs), and malicious associations and alliances, including threat tools shared among thousands of threat actors.

Internet Discovery
and Attack Surface Graphing

  • Internet Graphing and History
  • Infrastructure Chaining and Pivoting
  • Third-Party Attack Surface Intelligence
  • Expanded Vulnerabilities and Exposures

Adversary-Threat Infrastructure
and Activity

  • Expand threat search from one to thousands
  • Identify relationships and related infrastructure, including depth indicators from certificates, banners, and NetFlow

Threat Tools:
From One to Many

  • See where and how threats become entangled with your attack surface
  • Learn new techniques for attribution, from system to user to threat group
  • Find and eliminate global scale attacks and zero-day vulnerabilities for you, third-parties, and other digital dependencies

Our team of security experts will show how to leverage Cyber Threat Intelligence and Adversary-Threat Infrastructure Tracking by combining sub-host components and real-world observation of attackers using shared malicious systems. Examples will include global visibility tracking for SolarWinds’s latest critical vulnerabilities, remote access trojans (RATs), and mobile malware used to infiltrate legitimate apps and app stores.

We will explore tooling and malicious distribution (sharing) between threat groups, APTs, and their presence within your attack surface, including but not limited to Axiom (CN), APT15 (CN), APT29 (RU), APT33 (Iran), among other threat groups.

Hands-on labs and exercises will show how to expose real-life malicious and risky applications, hosts, domains, and components from services to silicon—every layer of your exploitable attack surface. In addition to improving your cyber threat skills, you get 2 CPE credits for attending.

WARNING: During this highly sensitive workshop, RiskIQ will share intelligence that has implications on national security for the United States. As such, RiskIQ will not distribute recordings from this specific cyber threat workshop. You must be present to receive threat intelligence resources, including threat actor tracking via related malicious infrastructure fingerprints.

Attend and Learn:

  • Introduction: Security Intelligence
  • Techniques for adversary-threat fingerprinting
  • How to identify connected threat systems and infrastructure
  • Tooling and instrumentation and usage among many threat actors and groups
  • Real-world use cases with hands-on exercises, labs, and investigations
  • Earn 2 CPE Credits

*Certificates for completion are distributed for attending the entire workshop


10:00 a.m.Welcome and Introduction
  • Internet Graphing and History
  • Introduction to RiskIQ Datasets
  • Chaining Infrastructure to Find Relationships
  • Adversary-Threat Infrastructure and Fingerprinting
  • Common Tools and Malicious Instrumentation
  • Connection Points and Interactions with Threat Systems
Use Cases – Hands-On Exercises and Investigations
  • Using RiskIQ Illuminate, we'll show two paths for threat investigations. First, we will explore a critical vulnerability to understand its prevalence in the worldwide attack surface with context, triage, and response insights. Second, we will practice strategic threat hunting by pivoting to build artifacts on adversary-threat tools and which threat actors use them for cyber attacks (i.e., one-to-many threat actors).
12:00 p.m.Wrap up