3 Days Left to Get MacBook Air, $400 Amazon Gift Card, or Take $400 Off with OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Fingerprinting Threat Actors with Web Assets

  • Tuesday, May 08, 2018 at 1:00 PM EDT (2018-05-08 17:00:00 UTC)
  • Rebekah Brown, Mike Thompson


  • DomainTools

You can now attend the webcast using your mobile device!



Threat actors tools, techniques and procedures are evolving at a rapid pace, making it even more difficult for organizations to effectively defend their network. This is forcing security professionals to be more agile and moving beyond simply block and tackle security strategies.

Join SANS instructor, Rebekah Brown and DomainTools Data Systems Engineer, Mike Thompson to learn how the threat intelligence space is changing and what techniques security professionals can apply to stay ahead of threat actors.

In this webinar you will learn:

  •  How the threat intelligence space is evolving 
  • Practical steps your team can take to get ahead of threat actors
  • Real world examples of enumerating attacker infrastructure using web assets and other information scraped from html.

Speaker Bios

Rebekah Brown

Rebekah Brown has spent more than a decade working in the intelligence community; her previous roles include NSA network warfare analyst, operations chief of a United States Marine Corps cyber unit, and a U.S. Cyber Command training and exercise lead. Rebekah has helped develop threat intelligence and security awareness programs at the federal, state and local level, as well as in the private sector. Today, Rebekah leads the Rapid7 threat intelligence programs, where her responsibilities include program architecture, analysis and operations. She is a course author and instructor for SANS FOR578 - Cyber Threat Intelligence, and author of Intelligence Driven Incident Response.

Mike Thompson

Mike Thompson is a Sr Data Systems Engineer at DomainTools. He is interested in studying the Internet as an organism—the way it evolves and changes over time, and what that means for organizations and individuals. Sometimes that requires the perspective of a penetration tester, sometimes a sysadmin, other times a straight up developer or just a curious student. Mike Thompson tries as hard as he can to bring all of these viewpoints to bear in the work that he does.

At his last job as a Cybersecurity Analyst at Argonne National Laboratory, he led the research team that wrote the pioneering study on Internet Infrastructure for the Department of Homeland Security's Office of Infrastructure Protection. He's also co-authored studies on cloud vulnerabilities and remote access to industrial control systems that are currently in use by analysts at the Central Intelligence Agency and Defense Intelligence Agency. He holds multiple patents on server and network defense technologies.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.