Explore defensive cybersecurity strategies in this DEF CON 31 Recon Village conference talk that demonstrates how to leverage internet scanning services like Shodan and BinaryEdge to proactively identify adversarial infrastructure. Learn techniques for detecting potential threats by hunting for specific patterns like MZ headers that indicate executable payloads, particularly useful in identifying attack framework hosting sites. Discover how to process and transform collected data into actionable intelligence for defenders and threat researchers, with real-world examples including the identification of Cobalt Strike servers during incident response investigations. Gain insights into various use cases for internet scanning data analysis, from harmless findings to potentially malicious PowerShell scripts, enhancing your ability to map and understand the Internet threat landscape.
Overview
Syllabus
DEF CON 31 Recon Village - Vitor Ventura - Getting Ahead of The Bad Guys with Internet Scanning Data
Taught by
Recon Village