Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ThreatHunting_ThinkingAboutTomorrow_Bogota2019.pdf

Tazz
March 14, 2019
Business
1
210

 ThreatHunting_ThinkingAboutTomorrow_Bogota2019.pdf

This presentation was previously given to a hacker community in 2017, and it was updated and tailored for the business-concentric security audience in Bogota (2019). This presentation presents a new way of thinking about threats - strategically. It identifies the differences between tactical and strategic threat intelligence, and then it offers connections between eight* categories of real world threat triggers/events and the items that may become strategic targets as a result of the trigger or event. It then closes with a few suggestions on how to develop threat intelligence.

*Technology, Economics, Business, Military, Diplomatic, Infrastructure, Cultural/Professional, and Religious

The talk includes three links: two for reading recommendations and one for an online resource with verbose information about power plants around the world.

Tazz

March 14, 2019
Tweet

More Decks by Tazz

See All by Tazz
The Value of OSINT for Business Decisions
grcninja
0
120
Threat Intelligence for Executives, Senior Leaders, and Security Practitioners
grcninja
0
89
Redefining Due Diligence - OSINT for Critical Business Decisions
grcninja
1
160
Búsqueda de amenazas: Planeando el Futuro
grcninja
1
44
OSINT_for_Critical_Business_Decisions.pdf
grcninja
0
140
Threat Intelligence Establishing a Common Language
grcninja
0
110
OSINT Fighting Fraud: Going Beyond Validation
grcninja
0
83
Threat Intelligence (Program): Plan It, Make It, Share It
grcninja
1
290
Threat Hunting - Thinking About Tomorrow
grcninja
0
560

Other Decks in Business

See All in Business
急成⻑スタートアップで働くことで得られるもの / 株式会社IVRy(社内LT会)
miyashino
0
1.2k
Recruiting Deck_株式会社HACHI
hachi_hiring
1
530
東京都ツキノワグマ目撃等情報マップ
tokyo_metropolitan_gov_digital_hr
0
270
la belle vie Inc. Company Introduction for Merchandiser
recruiting
0
2k
スタートアップのマネージャーに役立つ視座/A useful perspective for startup managers
dskst
6
1.2k
もしドラッカーがアジャイルコーチになったら / If Drucker Were an Agile Coach
fkino
2
410
Nstock 採用資料 / We are hiring
nstock
26
240k
エンジニア向け会社紹介資料/株式会社PLAY
play_inc
0
5.4k
インキュデータ会社紹介資料
okitsu
3
32k
merpay-overview_en
mercari_inc
1
17k
不感対策ソリューション 詳細資料
jtes
0
160
コーチ・エィ_会社紹介資料
coacha
1
940

Featured

See All Featured
Visualization
eitanlees
145
15k
KATA
mclloyd
29
14k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
506
140k
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.3k
Into the Great Unknown - MozCon
thekraken
32
1.5k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Raft: Consensus for Rubyists
vanstee
136
6.6k
Navigating Team Friction
lara
183
14k
Adopting Sorbet at Scale
ufuk
73
9.1k
Code Reviewing Like a Champion
maltzj
520
39k

Transcript

  1. NEVER UNDERESTIMATE THE CREATIVITY OR DETERMINATION OF YOUR ENEMY. ↔

    IF YOU CAN’T THINK OF IT, HOW CAN YOU DEFEND AGAINST IT?

  2. IMAGINE 2

  3. • • • • • TARGET DEVELOPMENT – THREAT TRIGGERS/EVENTS

    & STRATEGIC TARGETS • • 3

  4. NO CYBER RULE 4

  5. $______ • PHYSICAL • NETWORK • INFORMATION • DATA •

    (MOBILE) DEVICE • CYBER CYBERS • • • • 5

  6. READING RECOMMENDATIONS 6

  7. 7

  8. 8

  9. OBJECTIVES 9

  10. 1. 2. 3. CRITICAL 10

  11. TACTICAL -VS- STRATEGIC THREAT INTELLIGENCE 11

  12. 12

  13. • • • QUICK (AUTOMATED) ANALYSIS • • INDICATORS OF

    COMPROMISE • • • DEEP ANALYSIS • • INDICATORS OF ATTACK 13

  14. David Bianco 2013-present James Dietel, Effective Threat Intelligence ©2016 14

  15. • BEFORE REVERSE TARGETING • FOR SOMEONE ELSE • •

    AFTER MOTIVES & GOALS • • 15

  16. BEFORE THE COMPROMISE: TARGET DEVELOPMENT 16

  17. COMPREHEND 17

  18. • • • • • • • • 18

  19. • • • • • • • • • •

    OPERATIONS MANUALS, RESPONSE PLANS, INVOICES, SCHEMATICS, BLUEPRINTS • CHAT PLATFORM (WHO HOSTS YOURS, AUTHORIZED & UNAUTHORIZED? – TIKTOK, DISCORD, TELEGRAM) • ANYTHING WITH A POWER BUTTON/SWITCH • HOW MANY SHARED SERVICE PROVIDERS DOES YOUR ORGANIZATION USE? 19 Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  20. • • • • • • • • WHAT TECHNOLOGY

    AFFECTS YOUR SHIPPING OPERATIONS AND MONITORING? • SUPPORTING • • 20 Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  21. • • • • • WHO AND WHAT COUNTRY MADE

    THE TECHNOLOGY IN YOUR EQUIPMENT? • YOUR PURCHASE ORDERS REVEAL YOUR CAPABILITIES • PARTS & CORE COMPONENT MANUFACTURERS • SUBJECT MATTER EXPERTS • • • • 21 Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  22. • • • • • IOT DEVICES IN HOME/CAR, FITNESS

    APPS • CONTRACTED COMPANIES • • • • • 22 Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  23. • • • • • • • • • •

    RESEARCH ORGANIZATIONS FOCUSED ON FOOD TECHNOLOGY, WEAPONS, WEAPONIZING $THINGS • SCIENTISTS 23 Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  24. • • • • • • • CONFERENCES WHERE MULTIPLE

    CRITICAL INFRASTRUCTURE VENDORS ARE GATHERED • “WORK FROM HOME” EMPLOYEES • EMERGENCY SERVICES AND FIRST RESPONDERS • • • POWER PLANTS, DAMS, WATER TREATMENT, LANDFILLS, PIPELINES, MINES, PORTS 24 Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  25. • • • • • • SMALL CONFERENCES W/ CONCENTRATIONS

    OF PROFESSIONALS OR RELIGIOUS LEADERS • CONFERENCE ATTENDANCE ROSTER • MEMBERSHIP ROSTERS • ANYTHING “SACRED” / UNITES THE PEOPLE • • 25 Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  26. • • • • • ICONS • • • 26

    Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious

  27. “FINDING” STRATEGIC INTEL 27

  28. • YOU DON’T FIND IT – YOU DEVELOP IT THROUGH

    CRITICAL THINKING AND ANALYSIS • • • • • • PROPOSED • • • • 28

  29. FINAL NOTES TO LEADERS ASKING FOR STRATEGIC (DIGITAL) THREAT INTEL...

    29

  30. Do you understand the motives, goals, structure, organization, & methods

    of your adversaries? 30

  31. The supreme art of war is to subdue the enemy

    without fighting. -Sun Tzu 31

  32. QUESTIONS ? 32

  33. Twitter: @GRC_Ninja Slides: speakerdeck.com/grcninja Email: [email protected] 33 One / Uno

  34. • HTTPS://WWW.CIA.GOV/LIBRARY/CENTER-FOR-THE-STUDY-OF- INTELLIGENCE/CSI-PUBLICATIONS/CSI-STUDIES/STUDIES/VOL51NO2/THE-STATE-OF-STRATEGIC- INTELLIGENCE.HTML • HTTPS://WWW.AMAZON.COM/EFFECTIVE-THREAT-INTELLIGENCE- BUILDING-ORGANIZATION/DP/1533314551 • HTTP://GLOBALENERGYOBSERVATORY.ORG/ 34