Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ThreatHunting_ThinkingAboutTomorrow_Bogota2019.pdf

Tazz
March 14, 2019
Business
1
200

 ThreatHunting_ThinkingAboutTomorrow_Bogota2019.pdf

This presentation was previously given to a hacker community in 2017, and it was updated and tailored for the business-concentric security audience in Bogota (2019). This presentation presents a new way of thinking about threats - strategically. It identifies the differences between tactical and strategic threat intelligence, and then it offers connections between eight* categories of real world threat triggers/events and the items that may become strategic targets as a result of the trigger or event. It then closes with a few suggestions on how to develop threat intelligence.

*Technology, Economics, Business, Military, Diplomatic, Infrastructure, Cultural/Professional, and Religious

The talk includes three links: two for reading recommendations and one for an online resource with verbose information about power plants around the world.

Tazz

March 14, 2019
Tweet

More Decks by Tazz

See All by Tazz
The Value of OSINT for Business Decisions
grcninja
0
110
Threat Intelligence for Executives, Senior Leaders, and Security Practitioners
grcninja
0
86
Redefining Due Diligence - OSINT for Critical Business Decisions
grcninja
1
160
Búsqueda de amenazas: Planeando el Futuro
grcninja
1
39
OSINT_for_Critical_Business_Decisions.pdf
grcninja
0
140
Threat Intelligence Establishing a Common Language
grcninja
0
110
OSINT Fighting Fraud: Going Beyond Validation
grcninja
0
69
Threat Intelligence (Program): Plan It, Make It, Share It
grcninja
1
280
Threat Hunting - Thinking About Tomorrow
grcninja
0
540

Other Decks in Business

See All in Business
採用ピッチブック
macloud
2
47k
カジュアル面談って、もっとカジュアルに していいの / informal session #jasstnano
pineapplecandy
0
120
Webinar ACENEL 23.04.2024 - Certificados Energéticos (CAE´s)
acenel
PRO
0
110
TECH HIRE |「大胆なポジションの開発」によって ハイクラス人材を直接応募で4名採用できた話
trackrecords
PRO
0
230
GitHubを使わずDatabricksだけで お手軽にライブラリ共有やCIが できる環境を作ってみた/Creating an Environment for Easy Library Sharing and CI Using Only Databricks Without GitHub
kakehashi
1
300
アッテル会社紹介資料/culture deck
attelu
10
10k
ジンジニアのキャリア ~てぃーびーの場合~ / Tb's career
tbpgr
0
350
(80枚:講演資料)営業目標を絶対達成させるマネジメント技術(2024年4月3日)
nyattx
PRO
3
250
Recruitment_information2024
hdn_tocci
0
260
株式会社CINC 会社案内/Company introduction
cinchr
5
33k
おひさぽ ご説明資料
trinitytechnology
0
51k
株式会社トラストバンク_採用ピッチ資料
sugahara
0
540

Featured

See All Featured
Designing on Purpose - Digital PM Summit 2013
jponch
110
6.5k
Music & Morning Musume
bryan
41
5.6k
The Pragmatic Product Professional
lauravandoore
25
5.8k
How to Ace a Technical Interview
jacobian
272
22k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
322
20k
The MySQL Ecosystem @ GitHub 2015
samlambert
243
12k
The Straight Up "How To Draw Better" Workshop
denniskardys
227
130k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
155
14k
The Mythical Team-Month
searls
216
42k
Teambox: Starting and Learning
jrom
128
8.4k
The Illustrated Children's Guide to Kubernetes
chrisshort
31
46k
Making the Leap to Tech Lead
cromwellryan
124
8.5k

Transcript

  1. NEVER UNDERESTIMATE THE CREATIVITY OR DETERMINATION OF YOUR ENEMY. ↔

    IF YOU CAN’T THINK OF IT, HOW CAN YOU DEFEND AGAINST IT?

  2. IMAGINE 2

  3. • • • • • TARGET DEVELOPMENT – THREAT TRIGGERS/EVENTS

    & STRATEGIC TARGETS • • 3

  4. NO CYBER RULE 4

  5. $______ • PHYSICAL • NETWORK • INFORMATION • DATA •

    (MOBILE) DEVICE • CYBER CYBERS • • • • 5

  6. READING RECOMMENDATIONS 6

  7. 7

  8. 8

  9. OBJECTIVES 9

  10. 1. 2. 3. CRITICAL 10

  11. TACTICAL -VS- STRATEGIC THREAT INTELLIGENCE 11

  12. 12

  13. • • • QUICK (AUTOMATED) ANALYSIS • • INDICATORS OF

    COMPROMISE • • • DEEP ANALYSIS • • INDICATORS OF ATTACK 13

  14. David Bianco 2013-present James Dietel, Effective Threat Intelligence ©2016 14

  15. • BEFORE REVERSE TARGETING • FOR SOMEONE ELSE • •

    AFTER MOTIVES & GOALS • • 15

  16. BEFORE THE COMPROMISE: TARGET DEVELOPMENT 16

  17. COMPREHEND 17

  18. • • • • • • • • 18

  19. • • • • • • • • • •

    OPERATIONS MANUALS, RESPONSE PLANS, INVOICES, SCHEMATICS, BLUEPRINTS • CHAT PLATFORM (WHO HOSTS YOURS, AUTHORIZED & UNAUTHORIZED? – TIKTOK, DISCORD, TELEGRAM) • ANYTHING WITH A POWER BUTTON/SWITCH • HOW MANY SHARED SERVICE PROVIDERS DOES YOUR ORGANIZATION USE? 19 Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  20. • • • • • • • • WHAT TECHNOLOGY

    AFFECTS YOUR SHIPPING OPERATIONS AND MONITORING? • SUPPORTING • • 20 Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  21. • • • • • WHO AND WHAT COUNTRY MADE

    THE TECHNOLOGY IN YOUR EQUIPMENT? • YOUR PURCHASE ORDERS REVEAL YOUR CAPABILITIES • PARTS & CORE COMPONENT MANUFACTURERS • SUBJECT MATTER EXPERTS • • • • 21 Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  22. • • • • • IOT DEVICES IN HOME/CAR, FITNESS

    APPS • CONTRACTED COMPANIES • • • • • 22 Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  23. • • • • • • • • • •

    RESEARCH ORGANIZATIONS FOCUSED ON FOOD TECHNOLOGY, WEAPONS, WEAPONIZING $THINGS • SCIENTISTS 23 Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  24. • • • • • • • CONFERENCES WHERE MULTIPLE

    CRITICAL INFRASTRUCTURE VENDORS ARE GATHERED • “WORK FROM HOME” EMPLOYEES • EMERGENCY SERVICES AND FIRST RESPONDERS • • • POWER PLANTS, DAMS, WATER TREATMENT, LANDFILLS, PIPELINES, MINES, PORTS 24 Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  25. • • • • • • SMALL CONFERENCES W/ CONCENTRATIONS

    OF PROFESSIONALS OR RELIGIOUS LEADERS • CONFERENCE ATTENDANCE ROSTER • MEMBERSHIP ROSTERS • ANYTHING “SACRED” / UNITES THE PEOPLE • • 25 Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  26. • • • • • ICONS • • • 26

    Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  27. “FINDING” STRATEGIC INTEL 27

  28. • YOU DON’T FIND IT – YOU DEVELOP IT THROUGH

    CRITICAL THINKING AND ANALYSIS • • • • • • PROPOSED • • • • 28

  29. FINAL NOTES TO LEADERS ASKING FOR STRATEGIC (DIGITAL) THREAT INTEL...

    29

  30. Do you understand the motives, goals, structure, organization, & methods

    of your adversaries? 30

  31. The supreme art of war is to subdue the enemy

    without fighting. -Sun Tzu 31

  32. QUESTIONS ? 32

  33. Twitter: @GRC_Ninja Slides: speakerdeck.com/grcninja Email: [email protected] 33 One / Uno

  34. • HTTPS://WWW.CIA.GOV/LIBRARY/CENTER-FOR-THE-STUDY-OF- INTELLIGENCE/CSI-PUBLICATIONS/CSI-STUDIES/STUDIES/VOL51NO2/THE-STATE-OF-STRATEGIC- INTELLIGENCE.HTML • HTTPS://WWW.AMAZON.COM/EFFECTIVE-THREAT-INTELLIGENCE- BUILDING-ORGANIZATION/DP/1533314551 • HTTP://GLOBALENERGYOBSERVATORY.ORG/ 34