Overview
Explore the Hourglass Model 2.0, a research framework for gathering security intelligence from underground marketplaces, in this 41-minute Black Hat conference talk. Delve into a case study of Southeast Asian underground services abusing global two-factor authentication (2FA) systems. Learn about the model's scope, research plan, and key findings, including fraud and monetization flows, overall workflow, and 2FA abuse methods. Gain valuable insights for threat prevention and mitigation plan development, even with limited access to underground marketplaces. Presented by Anna Chung, this talk provides essential takeaways for cybersecurity professionals and researchers interested in understanding and combating sophisticated underground services.
Syllabus
Intro
black hat Introduction: Hourglass Model 1.0
black hat Hourglass Model 1.0: Scope
Hourglass Model 2.0
Case Study
Research Plan
Findings & Hypothesis
blackhat Analysis: Fraud & Monetization Flow
blackhat Analysis: Overall Workflow
black hat Analysis: Overall 2FA Abuse
black hat Hourglass 2.0 vs 2FA Methods
black hat TLDR - Today's Key Takeaways
Taught by
Black Hat