In the Lair of the Beholder
Kyle Maxwell
July 08, 2015
Technology
Transcript
In the Lair of the Beholder
Kyle Maxwell, @kylemaxwell
[email protected]

How this got started
"Beholder" is Product Identity of Wizards of the Coast.

External IOCs: how to look?
• Blacklists
• WHOIS
• Search engine automation
• Malware repositories

OSINT is a lot like this.

Blacklists
Check popular "threat intel data feeds" using Combine plus Flail.
https://github.com/mlsecproject/combine
https://github.com/krmaxwell/flail
Games Workshop

WHOIS
Registration of domains relevant to brand or organization name.
http://modernfarmer.com/2013/06/cowglyphics-decoding-cattle-brands/

Search Engine Automation
Custom Search Engine for paste sites.
Google Alerts for key email addresses (executives, honeytokens, etc.).

Malware Repositories
YARA: "The pattern matching swiss knife" http://plusvic.github.io/yara/
"Antivirus that you update using git pull" ~ @tomchop_

YARA Example (super naïve)

```yara
rule verisign_email {
    strings:
        $email_domain = "@verisign.com"
        $common_email = "CPS-requests"
    condition:
        $email_domain and not $common_email
}
```

Automation
"Scumblr is a web application that allows performing periodic searches and storing / taking actions on the identified results."
https://github.com/Netflix/Scumblr

Lesson: Start off simple

Lesson: Evolve or die

Lesson: Work with others
Professionals can usually provide richer details.

Discussion
Thanks! @kylemaxwell
[email protected]
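The deck's rule is labelled "super naïve" because `not $common_email` suppresses a whole file as soon as the routine CPS-requests address appears once, even if the file also carries other addresses at the domain. The added example below (not from the deck) mirrors the rule in plain Python over constructed sample files, then shows the refinement a practitioner would usually reach for: YARA's string-count operator (`#email_domain > #common_email`) compares how often each string occurs instead of treating one hit as a veto. Sample contents are invented for illustration.

```python
# Constructed sample "files" from a malware repository (hypothetical content).
SAMPLES = {
    "phish_kit.html": b"From: security@verisign.com Subject: verify your account",
    "cps_notice.eml": b"CPS-requests@verisign.com: your CPS document was received",
    "mixed.doc": b"CPS-requests@verisign.com ... also reply to billing@verisign.com",
    "unrelated.bin": b"\x4d\x5a nothing relevant in this sample",
}


def naive_rule(data: bytes) -> bool:
    """Mirror of the deck's rule: $email_domain and not $common_email.

    Any occurrence of the routine CPS-requests address vetoes the match,
    so a file that also contains other addresses at the domain is missed.
    """
    return b"@verisign.com" in data and b"CPS-requests" not in data


def count_rule(data: bytes) -> bool:
    """Refined condition using YARA-style occurrence counts.

    Equivalent YARA (the #string operator counts matches):
        condition: #email_domain > #common_email
    Fires when the domain appears more often than the expected address
    alone would account for, i.e. at least one other address is present.
    """
    return data.count(b"@verisign.com") > data.count(b"CPS-requests")


def scan(rule, samples=SAMPLES):
    """Return the sorted names of samples the given rule matches."""
    return sorted(name for name, data in samples.items() if rule(data))


if __name__ == "__main__":
    print("naive :", scan(naive_rule))   # misses mixed.doc
    print("counts:", scan(count_rule))   # catches mixed.doc, still skips cps_notice.eml
```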