RiskIQ's Internet Intelligence graph defines the web's composition by mapping web pages and the many different remote resources that come together to create them, including SSL certificates. With this information, RiskIQ can link infrastructure, showing the interconnectivity of various entities across the web and identifying each web asset's dependencies and pathways. Recently, RiskIQ researchers leveraged these connections while investigating OceanLotus activity to uncover a considerable swath of new infrastructure the cyber espionage group used in operations across Europe.
In this webinar, RiskIQ VP of Strategy Brandon Dixon and Maltego's Steffen Iwan & Florian Murschetz will demonstrate how RiskIQ PassiveTotal and its integration with Maltego help researchers and analysts identify and visualize relationships in attacker infrastructure. By tapping into the internet intelligence graph and visualizing its connections, even advanced, well-funded APTs can't hide for long.
Watch our panel cover:
- How a unique SSL certificate associated with the espionage group's infrastructure helped us correlate it with more than 70 IP addresses, which helped reporters from German publications BR24 and Zeit Online track OceanLotus activity across Europe.
- How this custom certificate and its associated IP addresses led to the infrastructure OceanLotus uses to deploy Windows-based malware.
- How similarities between campaigns—tactics, malware, and even infrastructure—can be a strong indicator that a particular IP address is associated with a certain APT.
- How unique data sets in RiskIQ PassiveTotal combined with Maltego’s visualization capabilities can help researchers and analysts quickly enumerate infrastructure related to seemingly disparate campaigns to paint a vivid picture of the threat landscape targeting their organization.
Brandon has spent his career in information security performing analysis, building tools, and refining processes. As VP of Strategy, he is responsible for aligning RiskIQ to the market, influencing product strategy, and furthering partnerships. Prior to RiskIQ, Brandon was the co-founder of PassiveTotal (acquired by RiskIQ), where he led development and product direction. Throughout the years, Brandon has developed several public tools, most notably PDF X-RAY and NinjaJobs. His research and development on various security topics have gained him accolades from many major security vendors and peers in the industry.
Business Development, Maltego
Steffen is responsible for Key Accounts at Maltego and has worked with many teams in security operations to deploy Maltego successfully at large scale.
Subject Matter Expert, Maltego
Florian is an IT and security specialist with more than 10 years of professional experience. He supported internal teams and customers in vulnerability management, pentesting, incident handling, and IT forensics. Besides his day job, he is active in "telnet community", a local hackspace, and is a fellow in the CCC community.