No Budget Threat Intelligence: Tracking Malware Campaigns on the Cheap

ShmooCon XI - 2015

Presented by: Andrew Morris
Date: Sunday January 18, 2015
Time: 10:00 - 10:50
Location: Belay It

In this talk, I'll be discussing my experience developing intelligence-gathering capabilities to track several different independent groups of threat actors on a very limited budget (read: virtually no budget whatsoever). I'll discuss discovering the groups using open source intelligence gathering and honeypots, monitoring attacks, collecting and analyzing malware artifacts to figure out what their capabilities are, and reverse engineering their malware to develop the capability to track their targets in real time. Finally, I'll chat about defensive strategies and provide recommendations for enterprise security analysts and other security researchers. I'll also be releasing a suite of tools I created to help threat researchers perform tracking and attribution.

Andrew Morris

Andrew Morris is a security consultant with iSEC Partners. He specializes in network security, risk assessment, and making bad jokes. Andrew has consulted for Fortune 100 corporations, technology companies, financial institutions, hospitals, human rights groups, social media organizations, and government agencies. When he is not talking too loudly in the office, Andrew likes to find confusing GIFs on the Internet and try to understand what his dreams mean.

