NoNameCon has ended
Thursday, May 17 • 10:00 - 13:00
Chasing the Crypto Workshop: Tracking Financially Motivated Actors DNS Style

Log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Attention! The workshop is provided in English only. To take part you have to register and be accepted by the speaker(s). Registration form: https://goo.gl/forms/cgOVit362uam6xaM2

In February 2018 Cisco released details of a 6-month investigation into the use of phishing in Bitcoin wallet thefts and malware campaigns. The investigation, named COINHOARDER, provided insights into these new methods by utilizing whois data and domain registration patterns.

Using live access to Cisco’s OpenDNS threat intelligence interface, this workshop will provide an overview of the investigation. Then attendees will apply similar tools and hunting patterns to find new attacker constructions.

Prerequisites and tools needed:
1.     Basic knowledge of DNS, HTTP, and HTTPS.
2.     A laptop with Python installed.
3.     Attendees will receive a temporary OpenDNS API key for threat hunting during the class.

avatar for David Maynor

David Maynor

Cisco Talos
avatar for Jeremiah O'Connor

Jeremiah O'Connor

Senior Research Engineer, Cisco Security