
SANSFIRE 2020 - Live Online

Virtual, US Eastern | Sat, Jun 13 - Sat, Jun 20, 2020

Tracking Down the Cyber Criminals: Revealing Malicious Infrastructures with Umbrella

  • Chris Bilodeau
  • Thursday, June 18th, 12:30pm - 1:15pm

Time Zone: US - Eastern

Cyber criminals exploit the Internet to build agile and resilient infrastructures. Because the Internet is open, the information needed to expose these infrastructures is publicly available; the challenge is making sense of fragmented data. Connecting the dots by analyzing that data (DNS queries, BGP anomalies, ASN reputation, network prefixes and IP fluctuations) allows us to map out where malicious infrastructure sits and where attacks are staged. This gives defenders the upper hand by letting them pivot through the criminal infrastructure.

This session will explain how some of the Cisco Umbrella classifiers work and provide examples of threats that have been detected using this technology. First we focus on the detection models that can be built and applied (such as co-occurrences, NLPRank, Spike Detectors, Malvertising-clustering), and how these can expose malicious infrastructures and APTs. The next part provides a practical use case on how this innovative approach can be used to pivot through attackers' infrastructure and protect organizations from advanced threats. Examples include crypto phishing and crypto jacking. Finally, we will show some of this analysis visualized in 3D.


Cisco Umbrella

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Lunch & Learn: Short presentations given during the lunch break.
Session | Speaker | Time | Type

Monday, June 15

  • Cybersecurity: Why Asset Management Matters | Andrew Senko | Monday, June 15th, 12:30pm - 1:15pm | Lunch and Learn
  • Leverage DNS OSINT at Scale | Taylor Wilkes-Pierce | Monday, June 15th, 12:30pm - 1:15pm | Lunch and Learn
  • ISC Handler Series: SANS@MIC - Arcane web and mobile application vulnerabilities | Bojan Zdrnja | Monday, June 15th, 3:30pm - 4:30pm | SANS@Night
  • ISC Handler Series: SANS@MIC - A walk through logs hell | Xavier Mertens | Monday, June 15th, 8:30pm - 9:30pm | SANS@Night

Tuesday, June 16

  • Does Your Web Browser Need a Stunt Double? | Rajiv Raghunarayan | Tuesday, June 16th, 12:30pm - 1:15pm | Lunch and Learn

Wednesday, June 17

  • How Implementing SOAR Improves Efficiency In Your Organization | Jay Spann | Wednesday, June 17th, 12:30pm - 1:15pm | Lunch and Learn
  • Proactive Threat Hunting with SOAR | Alex Valdivia | Wednesday, June 17th, 12:30pm - 1:15pm | Lunch and Learn
  • ISC Handler Series: SANS@MIC - Catch and release: phishing techniques for the good guys | Jan Kopriva | Wednesday, June 17th, 3:30pm - 4:30pm | SANS@Night
  • ISC Handler Series: SANS@MIC - Maldocs: a bit of blue, a bit of red | Didier Stevens | Wednesday, June 17th, 8:30pm - 9:30pm | SANS@Night

Thursday, June 18

  • Effortlessly Immunize Software - Rapidly Inoculate Compiled Code Against Software Memory Vulnerabilities | Doug Britton | Thursday, June 18th, 12:30pm - 1:15pm | Lunch and Learn
  • Expert Playbooks for Non-Expert Use | Alex Kirk | Thursday, June 18th, 12:30pm - 1:15pm | Lunch and Learn
  • Tracking Down the Cyber Criminals: Revealing Malicious Infrastructures with Umbrella | Chris Bilodeau | Thursday, June 18th, 12:30pm - 1:15pm | Lunch and Learn