Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ThreatHunting_ThinkingAboutTomorrow_Bogota2019.pdf

Tazz
March 14, 2019
Business
1
210

 ThreatHunting_ThinkingAboutTomorrow_Bogota2019.pdf

This presentation was previously given to a hacker community in 2017, and it was updated and tailored for the business-concentric security audience in Bogota (2019). This presentation presents a new way of thinking about threats - strategically. It identifies the differences between tactical and strategic threat intelligence, and then it offers connections between eight* categories of real world threat triggers/events and the items that may become strategic targets as a result of the trigger or event. It then closes with a few suggestions on how to develop threat intelligence.

*Technology, Economics, Business, Military, Diplomatic, Infrastructure, Cultural/Professional, and Religious

The talk includes three links: two for reading recommendations and one for an online resource with verbose information about power plants around the world.

Tazz

March 14, 2019
Tweet

More Decks by Tazz

See All by Tazz
The Value of OSINT for Business Decisions
grcninja
0
120
Threat Intelligence for Executives, Senior Leaders, and Security Practitioners
grcninja
0
89
Redefining Due Diligence - OSINT for Critical Business Decisions
grcninja
1
160
Búsqueda de amenazas: Planeando el Futuro
grcninja
1
44
OSINT_for_Critical_Business_Decisions.pdf
grcninja
0
140
Threat Intelligence Establishing a Common Language
grcninja
0
110
OSINT Fighting Fraud: Going Beyond Validation
grcninja
0
83
Threat Intelligence (Program): Plan It, Make It, Share It
grcninja
1
290
Threat Hunting - Thinking About Tomorrow
grcninja
0
560

Other Decks in Business

See All in Business
2024_0930_SHIP_CULUTURE_社外用_version1.pdf
ship_inc
0
470
GLP_SustainabilityReport_2023
glp_jp
1
370
El Mercado cuartohorario de electricidad
neuroenergia
PRO
0
140
【エンジニア採用】BuySell Technologies会社説明資料
buyselltechnologies
1
51k
インキュデータ会社紹介資料
okitsu
3
31k
Company Introduction Slides
recruiting
0
1k
アックス/ 求職者向け会社紹介
oneterasu
0
120
ARI会社説明
arisaiyou
0
3.8k
Company Deck for Engineers
cuolega
0
260
ブレインパッドXaaSユニット紹介資料(キャリア採用向けweb公開版 )
brainpadpr
0
14k
租税教育コンテンツの製作
tokyo_metropolitan_gov_digital_hr
0
450
M3 Career Culture Deck(セールス&コンサルティング職)
m3c
1
230k

Featured

See All Featured
Intergalactic Javascript Robots from Outer Space
tanoku
268
27k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
Why Our Code Smells
bkeepers
PRO
334
57k
Fontdeck: Realign not Redesign
paulrobertlloyd
81
5.2k
A Philosophy of Restraint
colly
203
16k
Statistics for Hackers
jakevdp
796
220k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
3
370
Product Roadmaps are Hard
iamctodd
PRO
48
10k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
43
6.6k
Designing the Hi-DPI Web
ddemaree
280
34k
How STYLIGHT went responsive
nonsquared
95
5.2k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
27
1.9k

Transcript

  1. NEVER UNDERESTIMATE THE CREATIVITY OR DETERMINATION OF YOUR ENEMY. ↔

    IF YOU CAN’T THINK OF IT, HOW CAN YOU DEFEND AGAINST IT?

  2. IMAGINE 2

  3. • • • • • TARGET DEVELOPMENT – THREAT TRIGGERS/EVENTS

    & STRATEGIC TARGETS • • 3

  4. NO CYBER RULE 4

  5. $______ • PHYSICAL • NETWORK • INFORMATION • DATA •

    (MOBILE) DEVICE • CYBER CYBERS • • • • 5

  6. READING RECOMMENDATIONS 6

  7. 7

  8. 8

  9. OBJECTIVES 9

  10. 1. 2. 3. CRITICAL 10

  11. TACTICAL -VS- STRATEGIC THREAT INTELLIGENCE 11

  12. 12

  13. • • • QUICK (AUTOMATED) ANALYSIS • • INDICATORS OF

    COMPROMISE • • • DEEP ANALYSIS • • INDICATORS OF ATTACK 13

  14. David Bianco 2013-present James Dietel, Effective Threat Intelligence ©2016 14

  15. • BEFORE REVERSE TARGETING • FOR SOMEONE ELSE • •

    AFTER MOTIVES & GOALS • • 15

  16. BEFORE THE COMPROMISE: TARGET DEVELOPMENT 16

  17. COMPREHEND 17

  18. • • • • • • • • 18

  19. • • • • • • • • • •

    OPERATIONS MANUALS, RESPONSE PLANS, INVOICES, SCHEMATICS, BLUEPRINTS • CHAT PLATFORM (WHO HOSTS YOURS, AUTHORIZED & UNAUTHORIZED? – TIKTOK, DISCORD, TELEGRAM) • ANYTHING WITH A POWER BUTTON/SWITCH • HOW MANY SHARED SERVICE PROVIDERS DOES YOUR ORGANIZATION USE? 19 Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  20. • • • • • • • • WHAT TECHNOLOGY

    AFFECTS YOUR SHIPPING OPERATIONS AND MONITORING? • SUPPORTING • • 20 Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  21. • • • • • WHO AND WHAT COUNTRY MADE

    THE TECHNOLOGY IN YOUR EQUIPMENT? • YOUR PURCHASE ORDERS REVEAL YOUR CAPABILITIES • PARTS & CORE COMPONENT MANUFACTURERS • SUBJECT MATTER EXPERTS • • • • 21 Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  22. • • • • • IOT DEVICES IN HOME/CAR, FITNESS

    APPS • CONTRACTED COMPANIES • • • • • 22 Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  23. • • • • • • • • • •

    RESEARCH ORGANIZATIONS FOCUSED ON FOOD TECHNOLOGY, WEAPONS, WEAPONIZING $THINGS • SCIENTISTS 23 Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  24. • • • • • • • CONFERENCES WHERE MULTIPLE

    CRITICAL INFRASTRUCTURE VENDORS ARE GATHERED • “WORK FROM HOME” EMPLOYEES • EMERGENCY SERVICES AND FIRST RESPONDERS • • • POWER PLANTS, DAMS, WATER TREATMENT, LANDFILLS, PIPELINES, MINES, PORTS 24 Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  25. • • • • • • SMALL CONFERENCES W/ CONCENTRATIONS

    OF PROFESSIONALS OR RELIGIOUS LEADERS • CONFERENCE ATTENDANCE ROSTER • MEMBERSHIP ROSTERS • ANYTHING “SACRED” / UNITES THE PEOPLE • • 25 Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  26. • • • • • ICONS • • • 26

    Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  27. “FINDING” STRATEGIC INTEL 27

  28. • YOU DON’T FIND IT – YOU DEVELOP IT THROUGH

    CRITICAL THINKING AND ANALYSIS • • • • • • PROPOSED • • • • 28

  29. FINAL NOTES TO LEADERS ASKING FOR STRATEGIC (DIGITAL) THREAT INTEL...

    29

  30. Do you understand the motives, goals, structure, organization, & methods

    of your adversaries? 30

  31. The supreme art of war is to subdue the enemy

    without fighting. -Sun Tzu 31

  32. QUESTIONS ? 32

  33. Twitter: @GRC_Ninja Slides: speakerdeck.com/grcninja Email: [email protected] 33 One / Uno

  34. • HTTPS://WWW.CIA.GOV/LIBRARY/CENTER-FOR-THE-STUDY-OF- INTELLIGENCE/CSI-PUBLICATIONS/CSI-STUDIES/STUDIES/VOL51NO2/THE-STATE-OF-STRATEGIC- INTELLIGENCE.HTML • HTTPS://WWW.AMAZON.COM/EFFECTIVE-THREAT-INTELLIGENCE- BUILDING-ORGANIZATION/DP/1533314551 • HTTP://GLOBALENERGYOBSERVATORY.ORG/ 34