Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
In the Lair of the Beholder
Search
Kyle Maxwell
July 08, 2015
Technology
0
97
In the Lair of the Beholder
Kyle Maxwell
July 08, 2015
Tweet
Share
More Decks by Kyle Maxwell
See All by Kyle Maxwell
Using Python to Fight Cybercrime
krmaxwell
2
220
Incident Patterns
krmaxwell
0
410
Hackertainment
krmaxwell
1
220
Threat Intelligence for Incident Response
krmaxwell
0
170
From Minion to Engineer
krmaxwell
0
120
Why XOR Crypto Sucks
krmaxwell
0
210
Open Source Threat Intelligence - Shakacon
krmaxwell
1
880
Secure Blogging
krmaxwell
0
140
Grabbing fresh evil bits: Maltrieve
krmaxwell
1
150
Other Decks in Technology
See All in Technology
AIでめっちゃ便利になったけど、結局みんなで学ぶよねっていう話
kakehashi
PRO
0
180
Road to Go Gem #rubykaigi
sue445
0
790
技術者はかっこいいものだ!!~キルラキルから学んだエンジニアの生き方~
masakiokuda
2
270
CodePipelineのアクション統合から学ぶAWS CDKの抽象化技術 / codepipeline-actions-cdk-abstraction
gotok365
5
210
更新系と状態
uhyo
7
1.7k
4/17/25 - CIJUG - Java Meets AI: Build LLM-Powered Apps with LangChain4j (part 2)
edeandrea
PRO
0
120
SnowflakeとDatabricks両方でRAGを構築してみた
kameitomohiro
1
420
Cross Data Platforms Meetup LT 20250422
tarotaro0129
1
690
AWSの新機能検証をやる時こそ、Amazon Qでプロンプトエンジニアリングを駆使しよう
duelist2020jp
1
260
コスト最適重視でAurora PostgreSQLのログ分析基盤を作ってみた #jawsug_tokyo
non97
0
420
より良い開発者体験を実現するために~開発初心者が感じた生成AIの可能性~
masakiokuda
0
200
Porting PicoRuby to Another Microcontroller: ESP32
yuuu
4
440
Featured
See All Featured
Bash Introduction
62gerente
611
210k
Code Review Best Practice
trishagee
67
18k
Statistics for Hackers
jakevdp
798
220k
GitHub's CSS Performance
jonrohan
1030
460k
Why You Should Never Use an ORM
jnunemaker
PRO
55
9.3k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
129
19k
Facilitating Awesome Meetings
lara
54
6.3k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
331
21k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.6k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.4k
Automating Front-end Workflow
addyosmani
1369
200k
A Modern Web Designer's Workflow
chriscoyier
693
190k
Transcript
In the Lair of the Beholder Kyle Maxwell @kylemaxwell
[email protected]
How this got started “Beholder” is Product Identity of Wizards
of the Coast
External IOCs How to look? • Blacklists • WHOIS •
Search engine automation • Malware repositories
OSINT is a lot like this
Blacklists Check popular “threat intel data feeds” using Combine plus
Flail https://github.com/mlsecproject/combine https://github.com/krmaxwell/flail Games Workshop
WHOIS Registration of domains relevant to brand or organization name
http://modernfarmer.com/2013/06/cowglyphics-decoding-cattle-brands/
Search Engine Automation Custom Search Engine for paste sites Google
Alerts for key email addresses (executives, honeytokens, etc.)
Malware Repositories YARA: “The pattern matching swiss knife” http://plusvic.github.io/yara/ “Antivirus
that you update using git pull” ~ @tomchop_
YARA Example (super naïve) rule verisign_email { strings: $email_domain =
"@verisign.com" $common_email = "CPS-requests" condition: $email_domain and not $common_email }
Automation “Scumblr is a web application that allows performing periodic
searches and storing / taking actions on the identified results.” https://github.com/Netflix/Scumblr
Lesson: Start off simple
Lesson: Evolve or die
Lesson: Work with others Professionals can usually provide richer details.
Discussion Thanks! @kylemaxwell
[email protected]