Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
In the Lair of the Beholder
Search
Kyle Maxwell
July 08, 2015
Technology
0
100
In the Lair of the Beholder
Kyle Maxwell
July 08, 2015
Tweet
Share
More Decks by Kyle Maxwell
See All by Kyle Maxwell
Using Python to Fight Cybercrime
krmaxwell
2
220
Incident Patterns
krmaxwell
0
430
Hackertainment
krmaxwell
1
230
Threat Intelligence for Incident Response
krmaxwell
0
180
From Minion to Engineer
krmaxwell
0
120
Why XOR Crypto Sucks
krmaxwell
0
210
Open Source Threat Intelligence - Shakacon
krmaxwell
1
890
Secure Blogging
krmaxwell
0
140
Grabbing fresh evil bits: Maltrieve
krmaxwell
1
160
Other Decks in Technology
See All in Technology
Why React!?? Next.jsそしてReactを改めてイチから選ぶ
ypresto
10
4.3k
多野優介
tanoyusuke
1
230
【新卒研修資料】LLM・生成AI研修 / Large Language Model・Generative AI
brainpadpr
23
16k
BtoBプロダクト開発の深層
16bitidol
0
170
Escaping_the_Kraken_-_October_2025.pdf
mdalmijn
0
110
ZOZOのAI活用実践〜社内基盤からサービス応用まで〜
zozotech
PRO
0
160
PythonとLLMで挑む、 4コマ漫画の構造化データ化
esuji5
1
130
AIが書いたコードをAIが検証する!自律的なモバイルアプリ開発の実現
henteko
1
330
stupid jj tricks
indirect
0
7.8k
LLMアプリケーション開発におけるセキュリティリスクと対策 / LLM Application Security
flatt_security
7
1.8k
生成AIで「お客様の声」を ストーリーに変える 新潮流「Generative ETL」
ishikawa_satoru
1
290
Modern_Data_Stack最新動向クイズ_買収_AI_激動の2025年_.pdf
sagara
0
190
Featured
See All Featured
How to Think Like a Performance Engineer
csswizardry
27
2k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
7
890
GraphQLとの向き合い方2022年版
quramy
49
14k
Git: the NoSQL Database
bkeepers
PRO
431
66k
How to train your dragon (web standard)
notwaldorf
96
6.3k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
For a Future-Friendly Web
brad_frost
180
9.9k
Scaling GitHub
holman
463
140k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
9
960
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
Fantastic passwords and where to find them - at NoRuKo
philnash
52
3.4k
Transcript
In the Lair of the Beholder Kyle Maxwell @kylemaxwell
[email protected]
How this got started “Beholder” is Product Identity of Wizards
of the Coast
External IOCs How to look? • Blacklists • WHOIS •
Search engine automation • Malware repositories
OSINT is a lot like this
Blacklists Check popular “threat intel data feeds” using Combine plus
Flail https://github.com/mlsecproject/combine https://github.com/krmaxwell/flail Games Workshop
WHOIS Registration of domains relevant to brand or organization name
http://modernfarmer.com/2013/06/cowglyphics-decoding-cattle-brands/
Search Engine Automation Custom Search Engine for paste sites Google
Alerts for key email addresses (executives, honeytokens, etc.)
Malware Repositories YARA: “The pattern matching swiss knife” http://plusvic.github.io/yara/ “Antivirus
that you update using git pull” ~ @tomchop_
YARA Example (super naïve) rule verisign_email { strings: $email_domain =
"@verisign.com" $common_email = "CPS-requests" condition: $email_domain and not $common_email }
Automation “Scumblr is a web application that allows performing periodic
searches and storing / taking actions on the identified results.” https://github.com/Netflix/Scumblr
Lesson: Start off simple
Lesson: Evolve or die
Lesson: Work with others Professionals can usually provide richer details.
Discussion Thanks! @kylemaxwell
[email protected]