NoNameCon has ended
Friday, May 18 • 11:00 - 12:00
Threat Intelligence particularities world-wide. Real life use-cases.

This talk will give a definition of “Threat Intelligence”, explain the Threat Intelligence Cycle, and show how collection and research efforts should be prioritized. Then we’ll talk about what is common and what differs by region in the understanding of what exactly Threat Intelligence should deliver. The speaker will demonstrate a couple of real-life use cases showing how threat intel discoveries enhanced the security capabilities of organizations or launched investigations to remediate the threat.
Below are a couple of the use cases that I will cover.
  • Identification of a DOC exploit builder within the underground that was proven to be used by one of the sophisticated fincrime groups in its operations as an initial vector for getting into victims’ environments. Knowing exactly which vulnerabilities should be prioritized for patching will help organizations mitigate this threat.
  • An example of web-inject development that shows the targeting of financial institutions in countries outside of the TOP regions that are under attack. Being aware of the exact timeline, and of the fact that it was developed and available, indicates the need for financial institutions to enhance their defense practices, such as incorporating 2FA, raising awareness among their customers, etc.
  • An overview of the incorporation of a newer exploit by one of the notorious APT groups targeting the US and Western and Eastern Europe; the recommendation will be proper patch management.
  • Examples of access to your organization's infrastructure or database being offered in the cybercriminal underground. First of all, an organization should develop its own capabilities or have a CTI provider so that it becomes aware of this fact in a timely manner; additional information on the TTPs used to gain unauthorized access also reveals what actions should be taken to minimize the chances of compromise going forward.

Speakers
Oleg Bondarenko

Head of International Threat Research, FireEye
Oleg Bondarenko is Head of International Threat Research at FireEye. He supervises international collection and research capabilities with a goal of delivering raw threat data from numerous sources from across the globe—including human intelligence, open sources, active community...