In the Lair of the Beholder
Kyle Maxwell
July 08, 2015
Transcript
In the Lair of the Beholder
Kyle Maxwell, @kylemaxwell
[email protected]

How this got started
“Beholder” is Product Identity of Wizards of the Coast

External IOCs: How to look?
• Blacklists
• WHOIS
• Search engine automation
• Malware repositories

OSINT is a lot like this

Blacklists
Check popular “threat intel data feeds” using Combine plus Flail
https://github.com/mlsecproject/combine
https://github.com/krmaxwell/flail
Games Workshop
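As an added example (not from the deck and not code from the Combine or Flail projects), here is a small Python script that does the check this slide describes: read a Combine-style CSV feed and pull out the entries that point back at your own organization, whether by address space, by your own domains, or by a brand keyword showing up in someone else's hostname. The column layout is modelled on Combine's CSV output, and the feed rows, domains, networks and keywords are all constructed placeholders.

```python
import csv
import io
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample feed. The column layout (entity,type,direction,source,notes,date)
# is modelled on Combine's CSV output; every row below is invented for this example.
SAMPLE_FEED = """entity,type,direction,source,notes,date
203.0.113.45,IPv4,inbound,feed-a,scanner,2015-07-01
login-examplecorp.test,FQDN,outbound,feed-b,phishing,2015-07-02
mail.examplecorp.test,FQDN,outbound,feed-a,malware c2,2015-07-03
198.51.100.7,IPv4,outbound,feed-c,botnet,2015-07-04
totally-unrelated.test,FQDN,outbound,feed-b,spam,2015-07-05
"""

# What "ours" means for this organization (all constructed placeholders).
ORG_DOMAINS = {"examplecorp.test"}
ORG_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]
BRAND_KEYWORDS = {"examplecorp"}


@dataclass
class Hit:
    entity: str
    source: str
    reason: str
    notes: str
    date: str


def parse_feed(text: str) -> List[Dict[str, str]]:
    """Parse a Combine-style CSV into a list of row dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def classify(row: Dict[str, str]) -> Optional[str]:
    """Return why a feed row matters to us, or None if it does not."""
    entity = row["entity"].strip().lower()
    kind = row["type"].strip().upper()

    if kind == "IPV4":
        try:
            addr = ipaddress.ip_address(entity)
        except ValueError:
            return None  # malformed feed entry: skip it rather than crash the whole run
        for net in ORG_NETWORKS:
            if addr in net:
                return f"own address space ({net})"
        return None

    if kind == "FQDN":
        # Exact match or subdomain of something we own: our infrastructure is listed.
        for domain in ORG_DOMAINS:
            if entity == domain or entity.endswith("." + domain):
                return f"own domain ({domain})"
        # Not ours, but carries our brand: a lookalike worth a closer look.
        for keyword in BRAND_KEYWORDS:
            if keyword in entity:
                return f"brand keyword ({keyword})"
    return None


def find_hits(feed_text: str) -> List[Hit]:
    """Run every feed row through classify() and keep the ones that concern us."""
    hits = []
    for row in parse_feed(feed_text):
        reason = classify(row)
        if reason is not None:
            hits.append(Hit(row["entity"].strip(), row["source"], reason,
                            row["notes"], row["date"]))
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_FEED):
        print(f"{hit.date} {hit.source:8} {hit.entity:26} {hit.reason} [{hit.notes}]")
```

Run against the constructed feed, the script flags three rows: the brand-lookalike hostname, a host under the organization's own domain, and an address inside its own netblock; the unrelated hostname and the out-of-range address are ignored. In practice the feed text would come from Combine's harvested CSV and the "ours" sets from an asset inventory; the substring brand match is deliberately loose, so expect to tune the keyword list to keep noise down.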
WHOIS
Registration of domains relevant to brand or organization name
http://modernfarmer.com/2013/06/cowglyphics-decoding-cattle-brands/

Search Engine Automation
Custom Search Engine for paste sites
Google Alerts for key email addresses (executives, honeytokens, etc.)

Malware Repositories
YARA: “The pattern matching swiss knife” http://plusvic.github.io/yara/
“Antivirus that you update using git pull” ~ @tomchop_

YARA Example (super naïve)

    rule verisign_email {
        strings:
            $email_domain = "@verisign.com"   // any mention of the domain
            $common_email = "CPS-requests"    // the routine mailbox we expect to see
        condition:
            $email_domain and not $common_email
    }

Automation
“Scumblr is a web application that allows performing periodic searches and storing / taking actions on the identified results.”
https://github.com/Netflix/Scumblr

Lesson: Start off simple

Lesson: Evolve or die

Lesson: Work with others
Professionals can usually provide richer details.

Discussion
Thanks! @kylemaxwell
[email protected]