
NSHC: Security in the Age of the Dark Web

Elastic Co
December 12, 2017


Byungkyu Choi | VP Business Strategy | NSHC


Transcript

  1. Byungkyu Choi, Vice President

  2. Consulting & Training; Vulnerability Scanner & Analysis; Penetration Testing; Information Security Consulting; Real-world Hacking Simulation; Mobile App Security Checking. Mobile Security Solutions: nFilter (Secured Keypad), Droid-X (Mobile Antivirus), DxScanner (App Security QA), DxShield (App Protection Service). Research: Advanced Hacking Lab, Zero-day Vulnerability Hunting Team, Security Training Team, Red Alert Team. Offices: NSHC Inc. (Japan), NSHC Inc. (South Korea), NSHC Pte. Ltd. (Singapore). "MOBILE / CYBER SECURITY No.1 NSHC". NSHC stands for "Network Security Hacking Club".

  3. What is OSINT? Open Source INTelligence (OSINT) refers to information obtained from publicly available sources. In Korea it is referred to by the English term OSINT, or as "open source intelligence", "public information", "publicly available information", "open source information", and so on. The kinds of intelligence collected by national intelligence agencies such as the CIA, and by private intelligence companies, are divided into human intelligence (HUMINT), signals intelligence (SIGINT), open source intelligence (OSINT), technical intelligence (TECHINT), and others.

  4. What is the deep web?

  5. What is the deep web?

  6. What is the deep web?

  7. What is the purpose of using the deep web?

  8. (no transcribed text)

  9. Driving License, Passport... and?

  10. Weapons

  11. Human experimentation

  12. Leaked information about the military and defense industry

  13. Social network IDs and private information

  14. Credit cards

  15. Credit card information on the black market

  16. (no transcribed text)

  17. Ransomware as a Service: "BrokersRass Ransomware"

  18. Ransomware as a Service: "RaaSbery Ransomware & Ranion Ransomware"

  19. Ransomware as a Service: "Princess Ransomware & Sage 2.2 Ransomware"

  20. Ransomware as a Service: "Custom Build & Blackmail & Stampado Ransomware"

  21. Ransomware as a Service: "Satan Ransomware"

  22. (no transcribed text)

  23. CASE 1: Ransomware Analysis. Search for "Ransomware as a service" → 22,304 results

  24. CASE 1: Ransomware Analysis. "Cerber Ransomware"

  25. CASE 1: Ransomware Analysis. "Cerber Ransomware" related infrastructure. Clean DNS: http://4tes**.tk (185.61.149.*), malware distribution network. http://slav**.cf (185.61.149.*), malware upload and download site (for testing). http://minerinsto**.com (185.61.149.*), selling a Bitcoin/Litecoin/Ethereum miner. Cerber server location: 4140cfad84.vps.yourserver.se (104.27.174.*)

  26. CASE 1: Ransomware Analysis. "Cerber Ransomware: no matches with antivirus"

  27. CASE 2: Auto Keyword Matching (Slack Alarm). "Send matched keywords using the Slack API" (every 6 hours)

  28. CASE 2: Auto Keyword Matching (Slack Alarm). "Automated keyword search data analysis" (confidential information)

  29. CASE 2: Auto Keyword Matching (Slack Alarm). "Auto keyword matching analysis" (private information)

  30. CASE 3: Issue Analysis (Kibana). "Issue analysis in the deep web world"

  31. Intelligence System with ES: what next? Deep Web + Machine Learning (X-Pack) = ???

  32. Threat Intelligence Service. We track and manage threat information for client companies through our in-house deep web collection and analysis system. It detects hidden services operating on the deep web (dark web), provides fast search of web content using Elasticsearch, identifies real IP addresses, identifies similar sites, and uses various graphs to spot potential threat factors and deliver that information.

  33. (no transcribed text)