Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Follow the Clues: Everyday is lazarus.day
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
JeongGak Lyu
January 21, 2025
Technology
0
16
Follow the Clues: Everyday is lazarus.day
This talk was presented at JSAC 2025.
JeongGak Lyu
January 21, 2025
Tweet
Share
More Decks by JeongGak Lyu
See All by JeongGak Lyu
공격자의 시선에서 바라본 금융보안: 사이버 복원력 강화를 위한 레드티밍 전략
jglyu
0
33
금융분야 침해사고 동향 및 시사점
jglyu
0
15
He is everywhere: A tale of Lazarus and his family
jglyu
0
29
Other Decks in Technology
See All in Technology
JAWSDAYS2026_A-6_現場SEが語る 回せるセキュリティ運用~設計で可視化、AIで加速する「楽に回る」運用設計のコツ~
shoki_hata
0
2.9k
OpenClawで回す組織運営
jacopen
3
670
マルチロールEMが実践する「組織のレジリエンス」を高めるための組織構造と人材配置戦略
coconala_engineer
3
670
最強のAIエージェントを諦めたら品質が上がった話 / how quality improved after giving up on the strongest AI agent
kt2mikan
0
120
[JAWSDAYS2026]Who is responsible for IAM
mizukibbb
0
290
技術的負債の泥沼から組織を救う3つの転換点
nwiizo
8
3.2k
複数クラスタ運用と検索の高度化:ビズリーチにおけるElastic活用事例 / ElasticON Tokyo2026
visional_engineering_and_design
0
100
楽しく学ぼう!コミュニティ入門 AWSと人が つむいできたストーリー
hiroramos4
PRO
1
180
作りっぱなしで終わらせない! 価値を出し続ける AI エージェントのための「信頼性」設計 / Designing Reliability for AI Agents that Deliver Continuous Value
aoto
PRO
2
250
[AEON TECH HUB #24] お客様の長期的興味の理解に向けて
alpicola
0
130
Oracle Database@AWS:サービス概要のご紹介
oracle4engineer
PRO
3
1.7k
Kaggleの経験が実務にどう活きているか / kaggle_findy
sansan_randd
7
1.3k
Featured
See All Featured
Principles of Awesome APIs and How to Build Them.
keavy
128
17k
Test your architecture with Archunit
thirion
1
2.2k
SEO Brein meetup: CTRL+C is not how to scale international SEO
lindahogenes
0
2.4k
svc-hook: hooking system calls on ARM64 by binary rewriting
retrage
2
150
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Exploring anti-patterns in Rails
aemeredith
2
290
4 Signs Your Business is Dying
shpigford
187
22k
Build The Right Thing And Hit Your Dates
maggiecrowley
39
3.1k
We Are The Robots
honzajavorek
0
190
How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT
katarinadahlin
PRO
1
3.5k
Kristin Tynski - Automating Marketing Tasks With AI
techseoconnect
PRO
0
190
Designing for humans not robots
tammielis
254
26k
Transcript
2025-01-21 JeongGak Lyu @lazarusholic Follow the Clues Everyday is lazarus.day
The Evolving Threat Landscape Political or Social Agendas Financial Gain
Political Influence and Espionage DPRK State-Sponsored Threat Actors
Cyber Threat Intelligence Essentials The Pyramid of Pain CTI Lifecycle
Data Information Intelligence https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html https://www.gartner.com/document-reader/document/4056399
Threat Detection & Threat Hunting Proactive Approach Targets Unknown Threats
Searching for Evil Reactive Approach Focus on Known Threats Detecting Evil Rely on CTI & IOCs Mitigating Threats
Inside a CTI Report CTI Report Collections & Platforms •
DocIntel https://docintel.org/ • ioc[.]one https://ioc.one/ • Malpedia https://malpedia.caad.fkie.fraunhofer.de/ • ORKL https://orkl.eu/ • Threat Intelligence Reports https://mthcht.github.io/ThreatIntel-Reports/ • Vx Underground https://vx-underground.org/ Each Item can be a Clue
IOC Pivoting / Enrichment
IOC Pivoting with OSINT
Introduction to lazarus.day Reports 2,470 Actors 187 Incidents 187 Kimsuky
Lazarus ScarCruft Andariel Konni BlueNoroff DPRK FamousChollima
Everyday is lazarus.day cryptocopedia[.]com
Strategies for Enhanced Threat Intelligence Set Clear Goals! Automation, Automation,
Automation! Adopt Generative AI! Tools to Spark Ideas • Harpoon https://github.com/Te-k/harpoon • IntelOwl https://intelowlproject.github.io/ • Censeye https://github.com/Censys-Research/censeye • SecAI https://secai.ai/ • TI Mindmap https://github.com/format81/TI-Mindmap-GPT CTI Lifecycle
Conclusion • Following the Clues is an Endless Journey -
Requires Patience, Expertise and Investment • Maximize the Use of OSINT • Evaluate Your CTI Capability Maturity CTI Capability Maturity Model https://cti-cmm.org/ Asset Threat Risk Access Situation Response Thrid-Parties Fraud Workforce Architecture Program 0 25 50 75 100
Background Images: Unsplash Marek Piwnicki @lazarusholic https://lazarus.day Q & A
jglyu
shoki_hata
jacopen
coconala_engineer
kt2mikan
mizukibbb
nwiizo
visional_engineering_and_design
hiroramos4
aoto
alpicola
oracle4engineer
sansan_randd
keavy
thirion
lindahogenes
retrage
marcelosomers
aemeredith
shpigford
maggiecrowley
honzajavorek
katarinadahlin
techseoconnect
tammielis
![Everyday is lazarus.day cryptocopedia[.]com](https://files.speakerdeck.com/presentations/c57e3ff4f93c4c08a10afd4dd2c7153c/slide_8.jpg){kind=link}
