SIGS Afterwork Event Bern - Threat Intelligence
Alex Hinchliffe, Threat Intelligence Analyst in Unit 42
Alex Hinchliffe is a Threat Intelligence Analyst in Unit 42. Based in EMEA, his main responsibilities include research into security threats, the groups behind them and their motivations, tactics and resources to enrich intelligence and disseminate information to the public.
He started his career as an intern at the then Dr Solomon’s Anti-Virus company in the United Kingdom. Almost two decades later, his research has largely focused on Windows malware and recently, on Android. He regularly speaks on these and related topics. While previously working for McAfee Labs, Alex co-created the industry’s first cloud-based Anti-Malware reputation system, Artemis, decreasing time to protection without signatures to help fight the huge growth in malicious threats.
Threat Intelligence, How, What and Why – the Unit 42 way of doing it
In this live presentation you will learn about how researches work and with what tools an techniques they are unveiling the adversaries secrets. Learn what a adversary playbook is and why you should care. In the second part follow the deep dive walkthrough of the KHART research including sample analysis.
For your own interest you can bring Malware indicators: hashes (md5, sha1, sha2); IP addresses, domain names, registry keys, mutexes etc etc and Alex will show you what we know about it.
- Introductions: Alex and Unit 42
- “State of the Nation” – what are current and future threats
- Threat Intelligence: How, What, Why etc. This leads into:
- Adversary playbooks (a new concept we’re talking about to represent and programmatically share information about adversaries and their TTPs)
- Walk-through and deeper dive into KHRAT Malware research:
- AutoFocus indicators, searching, pivoting.
- Maltego maps (using AutoFocus, VirusTotal, PassiveTotal etc APIs)
- Sample analysis – reversing, debuggers, hexadecimal stuff
- Bring your own Malware indicators – analysis
- MineMeld (demo)
- Wrap-up / take aways
Details at https://www.sig-switzerland.ch/bern-december/