Leveraging OSINT to Track Cyber Threat Actors

Video Link: https://www.youtube.com/watch?v=HrYvM4-ZA_Q



Duration: 32:21

In the cyber threat intelligence world, OSINT is often synonymous with technical indicators and internet scanning tools. While these play a major role in tracking cyber threat actors (a.k.a. hackers), non-technical OSINT techniques also support that tracking. Common open sources leveraged in tracking threat actors include indictments, corporate registries, news and social media. Several cases demonstrate this: contextualising information operations based on postmortem social media accounts; using indictment and sanction announcements as pivot points to find information that has not been previously reported by the FBI; and using news media to expose an Iran-based threat actor targeting the technology sector. These cases are applicable not only to threat intelligence analysts but also to law enforcement, investigative journalists, and similar investigative professions.

Curtis Hanson @cybershtuff, Threat Intelligence Analyst, PwC

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at http://www.sans.org/u/195g

#OSINTSummit






