
©2018 by Damsky - Cyber Threat Intelligence Research, Training and Consulting.

Training and Events

You want to learn, we want to teach!

If you want to know about technical threat intelligence, look no further. We offer a wide range of training courses and workshops, which we can tailor to your company's specific needs. Broadly, we cover:

  • introduction to cyber threat intelligence

  • threat intelligence analysis

  • networking

  • protocols

  • phishing

  • data analysis

  • malware analysis

  • Google hacking and advanced search techniques

  • data collection and sharing techniques

  • operational security (OPSEC)

  • attribution

Our Current Training and Talks


Detecting Phishing from pDNS

Talk

Passive DNS (pDNS) has been used by threat researchers for several years and allows us to gather information on domain usage worldwide. Because data fidelity varies with the scope, timeline, and vantage point of the sensor networks, pDNS visibility yields a multitude of different and interesting results for analysts to review. In this presentation we will briefly recap DNS and pDNS, review different approaches to detecting phishing with pDNS, and focus on demonstrating heuristics and operational procedures that help increase real detections while minimizing false positives.

Thinking Behind Enemy Lines – Actionable Threat Intelligence Tools and Techniques

Training

Security long ago became more than just malware reverse engineering. To defend your organization, you need to analyze your adversary's intent, opportunities and capabilities. The tools and skills required are not only deeply technical; they also require you to leverage available intelligence and counterintelligence information and to know how to make the most of it.

To become a good intelligence analyst, you need to acquire a different way of thinking: an analytical mindset, which requires getting acquainted with field-proven intelligence techniques and methodologies. These will serve as the basis for doing your daily analysis tasks in a much more productive and sophisticated way.

In this course, which includes both lectures and hands-on training, we will learn how to look beyond the malware itself in order to dig up information on the infrastructure and the actor behind it. We will work to understand the adversary's intent and way of thinking, and the risk it poses against our threat model, in order to develop the best protections and mitigations. We will get familiar with tools for gaining insight into the attacker's workflow and learn how to integrate them into the organization. Students will be able to go back to their organization and immediately start applying the lessons learned to proactively defend their network.

Hunting maliciousness using DNS

Training

DNS is one of the basic layers that holds the Internet together. Without it, not much else works... even malware. In this training we will focus on how to use DNS to the advantage of defending networks. With good techniques it is possible to find a great deal of DNS-based misuse, such as DGAs, fast-flux and double-flux networks, phishing, and brand impersonation. Tools like passive DNS, whois, and active probing allow defenders to proactively search for malicious indicators before they are operationalized, so defenders can get ahead of the attack cycle.
This is a training on the use of DNS for malware hunting, detection of new infrastructure, discovery of new network assets and other "research"-type products. In this training we will focus on hands-on labs while also covering some theory and history of DNS. Multiple topics are available and can be tailored to the class based on its interests.

Using DNS to your advantage

Workshop

DNS is one of the basic layers that holds the Internet together. Without it, not much else works... even malware. This two- to three-hour presentation focuses on how to use DNS to the advantage of defending networks. With good techniques it is possible to find a great deal of DNS-based misuse, such as DGAs, fast-flux and double-flux networks, phishing, and brand impersonation. Tools like passive DNS, whois, and active probing allow defenders to proactively search for malicious indicators before they are operationalized, so defenders can get ahead of the attack cycle.
