Overview
Explore a comprehensive approach to investigating and combating cybercrime in this Black Hat conference talk. Learn about strategies focusing on network attack surfaces and actor perspectives, including analysis of hosting IP space, DNS traffic, open ports, BGP announcements, ASN peerings, and SSL certificates. Discover methods for tracking trends, motivations, and TTPs of cyber criminals through infiltration of underground forums. Examine two types of bulletproof hosting infrastructures used in crimeware campaigns: fast flux proxy networks and dedicated servers from rogue hosting companies. Gain insights into using DNS traffic analysis, passive DNS mining algorithms, and novel methods leveraging SSL data to detect and map malware domains and compromised hosts. Understand how to proactively bridge the gap between actor and network views by identifying and blocking IP spaces of bulletproof hosters. Learn about the backend architecture using HBase and ElasticSearch for indexing and searching vast quantities of global Internet metadata to support threat research.
Syllabus
Welcome
Introduction
Thomas Mathieu
Outline
What is cybercrime
Bulletproof hosting providers
SSL
Autonomous Systems
Actor View
Network View
SSL Analysis
Trustworthy Domains
Abdullah
Maxidead
Host Shield
OutHost
FastFox
UberGrants
ElfHost
Other Competitors
Sosweet
Dataflow
Badnesses
Xserve
BQHost
OurRacks
SSL Investigation
Data Source
Three Components
Data Platform Architecture
HBase
Row Key
Questions
What is a Deep Table
Why Elastic Search
Elastic Search Demo
Taught by
Black Hat