Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
In the Lair of the Beholder
Search
Kyle Maxwell
July 08, 2015
Technology
0
100
In the Lair of the Beholder
Kyle Maxwell
July 08, 2015
Tweet
Share
More Decks by Kyle Maxwell
See All by Kyle Maxwell
Using Python to Fight Cybercrime
krmaxwell
2
220
Incident Patterns
krmaxwell
0
420
Hackertainment
krmaxwell
1
230
Threat Intelligence for Incident Response
krmaxwell
0
180
From Minion to Engineer
krmaxwell
0
120
Why XOR Crypto Sucks
krmaxwell
0
210
Open Source Threat Intelligence - Shakacon
krmaxwell
1
890
Secure Blogging
krmaxwell
0
140
Grabbing fresh evil bits: Maltrieve
krmaxwell
1
160
Other Decks in Technology
See All in Technology
プロジェクトマネジメントは不確実性との対話だ
hisashiwatanabe
0
180
メルカリIBIS:AIが拓く次世代インシデント対応
0gm
2
490
Backlog AI アシスタントが切り開く未来
vvatanabe
1
170
UDDのススメ - 拡張版 -
maguroalternative
1
670
結局QUICで通信は速くなるの?
kota_yata
9
7.5k
生成AI利用プログラミング:誰でもプログラムが書けると 世の中どうなる?/opencampus202508
okana2ki
0
180
どこで動かすか、誰が動かすか 〜 kintoneのインフラ基盤刷新と運用体制のシフト 〜
ueokande
0
130
いま、あらためて考えてみるアカウント管理 with IaC / Account management with IaC
kohbis
2
560
【OptimizationNight】数理最適化のラストワンマイルとしてのUIUX
brainpadpr
2
580
ウォンテッドリーのアラート設計と Datadog 移行での知見
donkomura
0
240
意志の力が9割。アニメから学ぶAI時代のこれから。
endohizumi
1
110
[CVPR2025論文読み会] Linguistics-aware Masked Image Modelingfor Self-supervised Scene Text Recognition
s_aiueo32
0
190
Featured
See All Featured
[RailsConf 2023] Rails as a piece of cake
palkan
56
5.8k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.8k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4k
For a Future-Friendly Web
brad_frost
179
9.9k
The Invisible Side of Design
smashingmag
301
51k
Build The Right Thing And Hit Your Dates
maggiecrowley
37
2.8k
Optimising Largest Contentful Paint
csswizardry
37
3.4k
Testing 201, or: Great Expectations
jmmastey
45
7.6k
Fantastic passwords and where to find them - at NoRuKo
philnash
51
3.4k
Typedesign – Prime Four
hannesfritz
42
2.8k
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
Building Better People: How to give real-time feedback that sticks.
wjessup
367
19k
Transcript
In the Lair of the Beholder Kyle Maxwell @kylemaxwell
[email protected]
How this got started “Beholder” is Product Identity of Wizards
of the Coast
External IOCs How to look? • Blacklists • WHOIS •
Search engine automation • Malware repositories
OSINT is a lot like this
Blacklists Check popular “threat intel data feeds” using Combine plus
Flail https://github.com/mlsecproject/combine https://github.com/krmaxwell/flail Games Workshop
WHOIS Registration of domains relevant to brand or organization name
http://modernfarmer.com/2013/06/cowglyphics-decoding-cattle-brands/
Search Engine Automation Custom Search Engine for paste sites Google
Alerts for key email addresses (executives, honeytokens, etc.)
Malware Repositories YARA: “The pattern matching swiss knife” http://plusvic.github.io/yara/ “Antivirus
that you update using git pull” ~ @tomchop_
YARA Example (super naïve) rule verisign_email { strings: $email_domain =
"@verisign.com" $common_email = "CPS-requests" condition: $email_domain and not $common_email }
Automation “Scumblr is a web application that allows performing periodic
searches and storing / taking actions on the identified results.” https://github.com/Netflix/Scumblr
Lesson: Start off simple
Lesson: Evolve or die
Lesson: Work with others Professionals can usually provide richer details.
Discussion Thanks! @kylemaxwell
[email protected]