In this talk, I'll be discussing my experience developing intelligence-gathering capabilities to track several different independent groups of threat actors on a very limited budget (read: virtually no budget whatsoever). I'll discuss discovering the groups using open source intelligence gathering and honeypots, monitoring attacks, collecting and analyzing malware artifacts to figure out what their capabilities are, and reverse engineering their malware to develop the capability to track their targets in real time. Finally, I'll chat about defensive strategies and provide recommendations for enterprise security analysts and other security researchers. I'll also be releasing a suite of tools I created to help threat researchers perform tracking and attribution.
Andrew Morris is a security consultant with iSEC Partners. He specializes in network security, risk assessment, and making bad jokes. Andrew has consulted for Fortune 100 corporations, technology companies, financial institutions, hospitals, human rights groups, social media organizations, and government agencies. When he is not talking too loudly in the office, Andrew likes to find confusing GIFs on the Internet and try to understand what his dreams mean.