NoNameCon has ended
Back To Schedule
Thursday, May 17 • 10:00 - 13:00
Chasing the Crypto Workshop: Tracking Financially Motivated Actors DNS Style

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Attention! The workshop is provided in English only. To take part you have to register and be accepted by the speaker(s). Registration form: https://goo.gl/forms/cgOVit362uam6xaM2

In February 2018 Cisco released details of a 6-month investigation into the use of phishing in Bitcoin wallet thefts and malware campaigns. The investigation, named COINHOARDER, provided insights into these new methods by utilizing whois data and domain registration patterns.

Using live access to Cisco’s OpenDNS threat intelligence interface, this workshop will provide an overview of the investigation. Then attendees will apply similar tools and hunting patterns to find new attacker constructions.

Prerequisites and tools needed:
1.     Basic knowledge of DNS, HTTP, and HTTPS.
2.     A laptop with Python installed.
3.     Attendees will receive a temporary OpenDNS API key for threat hunting during the class.

avatar for David Maynor

David Maynor

Cisco Talos
avatar for Jeremiah O'Connor

Jeremiah O'Connor

Senior Research Engineer, Cisco Security

Thursday May 17, 2018 10:00 - 13:00 EEST
Art Ukraine Gallery, Workshops Area