Monday, September 20, 2021

Introducing the "Certificate Crowd" - Brace Yourselves!

Announcing Astalavista.box.sk's Flagship Search Engine for Hackers!


Forum Administrator of a Popular Cybercrime-Friendly Community Runs DDoS for Hire Service - An OSINT Analysis

 

An image is worth a thousand words.


Stay tuned!

Exposing a Currently Active Malicious and Fraudulent Domain Portfolio Managed and Operated by Members of a Known Cybercrime-Friendly Community - An OSINT Analysis


Related domains known to have been involved in the campaign and that are currently managed and operated by members of a well known cybercrime-friendly forum community:


Related domains known to have been involved in the campaign and that are currently managed and operated by members of a well-known cybercrime-friendly forum community:

Stay tuned!

In Retrospective - The "Office" Circa 2006 Up To Present Day


Exposing a Currently Active Malicious Free VPN Domain Portfolio Run and Operated by the NSA - An OSINT Analysis

From this

Currently active free VPN service domains, courtesy of the NSA, known to have been participating in the campaign:


Related domains known to have been involved in the campaign:

Related domains known to have participated in the campaign:
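Before domain lists like the ones published in this post and in the cybercrime-forum post above can be used defensively (as a blocklist or a SIEM watchlist), they need triage: entries arrive in mixed case, with trailing dots, as punycode (xn--) names, and as bulk-registered repetitive variants, and the two lists in a post overlap. The following added example, which is not code from the blog or its author, performs that normalisation and deduplication over a constructed sample of domains under the reserved .example TLD.

```python
"""Triage of published domain lists (example code, not part of the original post).

Normalises, validates and deduplicates the kind of 'related domains' lists
the posts above publish, flags punycode names for analyst review and groups
bulk-registered repetitive names (net-net-net.*) into families.
"""
import re
from collections import Counter

# Constructed sample: two overlapping lists, as a post might publish them.
LIST_A = """
hs-mail.example
GOHLKE-HS-MAIL.EXAMPLE
net-net-net.example
xn--bcher-kva.example
 hs-mail.example.
not a domain!
"""
LIST_B = """
hs-mail.example
net-net-net-net-net-net.example
xn--bcher-kva.example
test-site-paid-ads-2-2-2-2-2-2.example
"""

# Hostname label check on the ASCII (punycode) form: 1-63 chars of
# [a-z0-9-], not starting or ending with a hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize_domain(raw):
    """Return the canonical lowercase ASCII form of a domain, or None if invalid."""
    d = raw.strip().rstrip(".").lower()
    if not d or d.count(".") < 1 or len(d) > 253:
        return None
    if not all(LABEL_RE.match(label) for label in d.split(".")):
        return None
    return d


def unicode_form(domain):
    """Decode punycode labels for analyst display; keep the ASCII form for blocking."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain


def repeated_token_family(domain):
    """Collapse names such as net-net-net.example into the family key 'net*.example'."""
    sld, _, tld = domain.rpartition(".")
    tokens = [t for t in sld.split("-") if t]
    if len(tokens) >= 2 and len(set(tokens)) == 1:
        return f"{tokens[0]}*.{tld}"
    return None


def triage(*raw_lists):
    """Merge the raw lists, dedupe them and return a summary an analyst can act on."""
    seen = {}
    rejected = []
    for raw in raw_lists:
        for line in raw.splitlines():
            if not line.strip():
                continue
            d = normalize_domain(line)
            if d is None:
                rejected.append(line.strip())
                continue
            seen[d] = seen.get(d, 0) + 1
    domains = sorted(seen)
    return {
        "domains": domains,
        "duplicates": sorted(d for d, n in seen.items() if n > 1),
        "rejected": rejected,
        "punycode": {d: unicode_form(d) for d in domains
                     if any(label.startswith("xn--") for label in d.split("."))},
        "families": Counter(f for f in map(repeated_token_family, domains) if f),
        "tlds": Counter(d.rpartition(".")[2] for d in domains),
    }


if __name__ == "__main__":
    for key, value in triage(LIST_A, LIST_B).items():
        print(key, value)
```

The decoded Unicode form is for the analyst's eyes only; the ASCII punycode form is what resolvers and blocklists actually match on.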

Stay tuned!

My Compilations of Personally Identifiable Information Belonging to Multiple International and High-Profile Cyber Threat Actors - An Elaboration





Awesome!

I just got my first Notice of European Data Protection Law Removal Request for my personal blog in particular for one of my compilations of personally identifiable information. Great stuff!


Commenting on the SANS Threat Intelligence Summit 2021 Presentations - An Analysis and Practical Recommendations

Hi everyone,

I recently came across the entire portfolio of SANS Threat Intelligence Summit presentations, which are currently online on YouTube, and I've decided to take the time and effort to go through them and offer practical and relevant threat intelligence and OSINT advice and recommendations which I hope will come in handy to the presenters, including anyone currently working in the field or interested in making an impact as a threat intelligence analyst.

Sample presentations from the Summit include:

Analyzing Chinese Information Operations with Threat Intelligence - a pretty informative presentation that offers practical and relevant information operations advice, including a pretty decent case study on a high-profile information leak campaign based in China

Collections and Elections: How The New York Times built an intel collections program in 2020 - a pretty informative presentation that offers in-depth and relevant advice on building threat intelligence capabilities, in terms of building a threat intelligence team, including a first-person account of the process of building a threat intelligence program

Better Than Binary: Elevating State Sponsored Attribution via Spectrum of State Responsibility - a pretty informative presentation that offers a very good overview of various threat intelligence techniques, including collection enrichment and actual technical collection advice

What the presenters should keep in mind when doing their research and homework is to adopt a threat intelligence "rock star" mentality: take their research a step further, aim for disruption, and take both active and proactive measures and actions against specific cyber threat actors and adversaries.

I've recently been working on several articles on the topic of threat intelligence, and I came up with a proper article which I'll share in this post, with the idea of improving my readers' situational awareness on the topic and eventually improving the way they work and gather threat intelligence online.

----------------------
00. The Basics of Threat Intelligence - A Novice Cyber Threat Researcher’s Guide

In this article we aim to provide an in-depth overview of the threat intelligence gathering process, including methodologies for collecting, processing, enriching and disseminating intelligence, active case studies, an overview of the relevant standards and technologies, and an overview of threat intelligence gathering tools and techniques, illustrated with live and relevant examples.

This article targets a diverse audience, including security practitioners, information security professionals, threat intelligence analysts and organizations seeking an informative and educational introduction to the basics of threat intelligence, its methodologies and practices, and a variety of case studies and tools related to threat intelligence gathering.

Overview of Threat Intelligence

Threat intelligence is a multi-disciplinary approach to collecting, processing and disseminating actionable intelligence so that an organization's security defense is actively aware of the threats facing its infrastructure and an adequate, cost-effective strategy can be formulated to ensure the confidentiality, integrity and availability of its information. The process is commonly broken down into three phases: collection, processing and dissemination. The collection phase is the process of obtaining real-time threat intelligence data so that it can subsequently be processed, enriched, assessed and disseminated.

The collection phase consists of assessing and selecting a diverse set of primary and secondary sources, both public and privately closed community sources, and actively monitoring the sources of interest. This selection forms the foundation of an active threat intelligence collection model and of the gathering program as a whole.

What analysts should keep in mind during collection, and in particular during technical collection, which means obtaining access to raw threat intelligence data such as domains, URLs and MD5 hashes, raw cybercrime forum data or actual copies of a cybercrime-friendly forum community, is that building a capacity-driven threat intelligence program for profiling and basic cyber attack attribution requires a well-trained staff that can easily and efficiently obtain access to both real-time and historical threat intelligence from proprietary and publicly accessible sources, enrich it, and come up with new and novel research and cyber attack trend analysis.

The processing phase consists of selecting processing tools and methodologies, aggregating the collected data in real time, and then processing and enriching it, drawing on the selected primary and secondary public and privately closed sources, so that the collected data becomes actionable intelligence.

What analysts should keep in mind when processing threat intelligence is the relevance and timeliness of the information and the quality of its source, whether public or proprietary. A huge portion of the information that could properly protect an enterprise or a vendor online is already publicly accessible and should be properly processed, and possibly enriched, to build the big picture and to come up with new and novel cyber attack attribution research. Sticking to the major threat intelligence sharing and dissemination standards is crucial when feeding publicly accessible and processed information into a threat intelligence processing system that also includes a cyber attack attribution process, whether that process relies on a researcher's or an organization's own methodology.

The dissemination phase consists of communicating and distributing the processed and enriched actionable intelligence across the organization's security defense mechanisms, so that the organization's defense is actively aware of the threats facing its infrastructure.

What analysts should keep in mind when disseminating threat intelligence is to always reach out to the proper parties, and to as many sources of information as possible, and to present their research in an in-depth, enriched and properly processed way, potentially assisting the security industry and the security community in properly attributing a cyber attack or detecting new cyber attack trends.

Threat Intelligence Methodologies

Numerous threat intelligence methodologies are available to an organization seeking to properly secure its infrastructure with a proactive security response in mind. Among the most common data acquisition strategies is active monitoring of forums and communities, including private forums and communities. Carefully selecting primary and secondary sources of information is crucial for maintaining the situational awareness needed to stay ahead of the threats facing the organization's infrastructure and for establishing an active response through a threat intelligence gathering program.

Another common strategy is active team collaboration across data acquisition, processing and dissemination, so that the organization's security response proactively addresses the threats facing its infrastructure. Equally common is the active enrichment of the sources of information to include a variety of primary and secondary sources, including private and community-based ones.

Proactive Threat Intelligence Methodologies

Anticipating the emerging threat landscape, and properly understanding it, greatly increases the chances that a proactive security defense can be successfully implemented and that an organization's defense remains properly protected from the threats facing its infrastructure. Taking into consideration the data obtained through an active threat intelligence gathering program allows that proactive response to be implemented adequately.

Among the most common threat acquisition tactics is actively understanding the threats facing an organization's security infrastructure so that an adequate response can be implemented. Among the most common gathering methodologies is active team collaboration, which ensures that an active enrichment process can be implemented. Together with the information acquired through an active acquisition, processing and dissemination program, these further ensure that an organization's infrastructure can be properly protected from the threats facing it.

The Future of Threat Intelligence

The future of threat intelligence largely relies on a successful set of gathering methodologies, active data acquisition, processing and dissemination strategies, and active enrichment of the processed data, so that an organization's security defense remains properly in place. It also relies on a successful understanding of multiple threat vectors. Relying on a multitude of enrichment processes, together with an established acquisition, processing and dissemination program, greatly increases the chances that a proactive, team-oriented approach can be implemented to keep an organization's security defense properly protected from the threats facing its infrastructure.
----------------------

including the following second article, which I've been working on, on using OSINT in combination with threat intelligence to do better research online and actually come up with novel and never-published cyber threat actor research and analysis:

---------------------

00. Basics of OSINT in the Context of Fighting Cybercrime - The Definite Beginner's Guide

"What use are they? They've got over 40,000 people over there reading newspapers." - President Nixon

This introductory guide to the world of OSINT is part of an upcoming series of articles aiming to assist both novice and experienced security practitioners, including analysts, in entering the world of OSINT for cybercrime research. It aims to offer a never-published-before, practical and relevant general overview and introductory training course material on today's nation-state and rogue cyber adversaries, the Internet and the cybercrime ecosystem, for novice beginners as well as advanced Internet users, hackers, security consultants, analysts and researchers interested in exploring the world of OSINT (Open Source Intelligence) in order to make a difference by doing their work in a better and more efficient way, including being fully capable and equipped to catch the bad guys online, to monitor and track them down, and to build the big picture of their fraudulent and rogue online activities. The course, including the actual learning and training material, is courtesy of Dancho Danchev, who is considered one of the most popular security bloggers, threat intelligence analysts and cybercrime researchers internationally and within the security industry.

The primary purpose behind this guide is to summarize Dancho Danchev's over a decade of active and passive, including actionable, threat intelligence, OSINT and cybercrime research experience. The ultimate goal is to empower the student or the organization taking this course to do better online research work, to be fully capable of tracking down and monitoring the rogue and malicious online activities of the bad guys online, and to better position and enhance their cyber attack and malicious threat actor campaign attribution skills, ultimately improving their work and empowering them to learn how to do OSINT for good and, most importantly, to track down and monitor the bad guys.

Introduction

In a world dominated by sophisticated cybercrime gangs and nation-state sponsored and tolerated rogue cyber actors, the use of OSINT (Open Source Intelligence) is crucial for building the big picture in the context of fighting cybercrime internationally, including to actually "connect the dots" and provide personally identifiable information to a closed-group, invite-only LE community, including international intelligence agencies, on their way to track down and prosecute the cybercriminals behind these campaigns.

In this training and learning material Dancho Danchev, one of the security industry's most popular and high-value security bloggers and cybercrime researchers, offers an in-depth peek inside the world of OSINT in the context of fighting cybercrime and provides practical advice, examples and a case study, in particular on how he tracked down and shut down the infamous Koobface botnet and continued to supply never-published-before, potentially sensitive and classified information on new cyber threat actors, which he continued to publish at Dancho Danchev's blog.

Basics of OSINT

OSINT in the context of fighting cybercrime can be best described as the systematic and persistent use of public information to build cyber threat intelligence enriched data sets and intelligence databases, both for real-time situational awareness and for historical OSINT preservation, including to actually "connect the dots" in cybercrime gang and rogue cyber actor campaigns and cyber attacks. A general example would consist of obtaining a single malicious software sample and running it in a public sandbox to further map the infrastructure of the cybercriminal behind it, potentially exposing the big picture behind the campaign and connecting the dots behind their infrastructure, which would lead to a multitude and variety of personally identifiable information getting exposed. This could help build a proprietary cybercrime gang activity database and actually assist LE in tracking down and prosecuting the cybercriminals behind these campaigns.

"There's no such thing as new cyber threat actors. It's just new players adopting economic and marketing concepts to steal money and cause havoc online."

The primary idea here is to locate free and public online repositories of malicious software and to actually obtain a sample, which will later be used in a public sandbox to map the Internet-connected infrastructure of the cybercrime gang in question, including to elaborate on the ways they attempt to monetize access to the compromised host, the ways in which they make money, and what exactly they are trying to compromise. Possible examples here include VirusTotal, or actually running a malware interception honeypot such as a spam trap, which would allow you to intercept currently circulating in-the-wild malware campaigns that propagate using email and to analyze them, connecting the dots, exposing their Internet-connected infrastructure and establishing the foundations for a successful career in malicious software analysis and cybercrime research.

"Everything that can be seen is already there".

The next logical step would be to properly assess and analyze the recently obtained sample and to establish a "connect the dots" culture within your organization, where the primary goal is to have researchers and analysts look for clues on their way to track down and monitor a specific campaign, potentially coming up with new and novel cyber attack attribution research. Visualization is often the key to everything in terms of visualizing threats and looking for additional clues, including possible cyber attack attribution clues. This is where a popular visualization and threat analysis tool known as Maltego should come into play: it offers an advanced and sophisticated way to process OSINT, cybercrime research and threat intelligence type of information and to enrich it using public and proprietary sources, in order to establish the big picture and actually connect the dots for a specific cyber attack campaign.

Among the first things that you should consider before beginning your career in the world of OSINT is that everything you need to know about a specific online event or campaign, including the activities of the bad guys online, is already out there in the form of publicly accessible information. It only needs to be processed and enriched, using both qualitative and quantitative methodologies, to the point where the big picture for that event or malicious campaign is established, which includes obtaining access to the actual technical details behind it.

Among the few key things to keep in mind when doing OSINT, including OSINT for cyber attack and campaign attribution, is that in 99% of cases all the information you need for a specific case is already publicly known and publicly accessible, so that instead of having to obtain access to a private or proprietary source, the only thing you have to do is use the world's most popular search engine for collection, processing and enrichment.

The second most important thing to keep in mind when doing OSINT is that you don't need to obtain access to proprietary, or even public, OSINT tools.

Current State of the Cybercrime Ecosystem

In 2021 a huge number of the threats facing the security industry, including vendors and organizations online, consist of RATs (Remote Access Tools), malicious software that is part of a larger botnet, malicious and fraudulent spam and phishing emails, and client-side exploits and vulnerabilities that have the potential to compromise an organization's or a vendor's endpoints for the purpose of dropping malware on the affected host, as well as the rise of the ransomware threat, which is basically an old-fashioned academic concept known as cryptoviral extortion.

With more novice cybercriminals joining the underground ecosystem, a market segment largely driven by newly emerged affiliate-based revenue-sharing fraudulent and malicious networks that offer a financial incentive for participation in a fraudulent scheme, it shouldn't be surprising that more people are actually joining the cybercrime ecosystem, potentially causing widespread damage and havoc online.

With cybercrime-friendly forums continuing to proliferate, it should be clearly evident that more people will eventually join these marketplaces looking for new market segment propositions to take advantage of, and that more vendors will continue to occupy and launch new underground forum market propositions in order to promote their services and look for new clients.

In a world dominated by a geopolitically relevant Internet cybercrime ecosystem, it shouldn't be surprising that more international cybercrime gangs will continue to launch new fraudulent and malicious spam and phishing campaigns, as well as malicious software campaigns, for the purpose of earning fraudulent revenue.

With more affiliate-based underground networks aiming to attract new users, forwarding the risk of the actual infection process and fraudulent transaction to the user in exchange for offering access to sophisticated bulletproof infrastructure, including advanced malware and ransomware releases, it shouldn't be surprising that more people are joining these affiliate networks for the purpose of earning fraudulent revenue while causing havoc and widespread disruption online.

---------------------

Overall I believe that the presentations from this event are worth watching and worth going through and I can't wait to actually participate in the Call for Papers for the upcoming virtual Summit.

Happy watching!