In this talk, I’ll be discussing my experience developing intelligence-gathering capabilities to track several different independent groups of threat actors on a very limited budget (read: virtually no budget whatsoever). I’ll discuss discovering the groups using open source intelligence gathering and honeypots, monitoring attacks, collecting and analyzing malware artifacts to figure out what their capabilities are, and reverse engineering their malware to develop the capability to track their targets in real time. Finally, I’ll chat about defensive strategies and provide recommendations for enterprise security analysts and other security researchers. I’ll also be releasing a suite of tools I created to help threat researchers perform tracking and attribution.
Andrew is someone I first met at NovaHackers, and when I met him I thought, “This is someone to keep an eye on; he’s going to be doing some pretty awesome things.” Well Andrew, you have! This talk was of particular interest to me, as one of my own projects is kinda about doing threat intel cheaply.