This webcast has been archived.

Mapping Attack Infrastructure: Leave Your Foe With Nowhere to Hide

  • Thursday, March 31, 2016 at 1:00 PM EDT (2016-03-31 17:00:00 UTC)
  • Stephen Ginty, John Pescatore


  • RiskIQ


Attackers get away with Advanced Persistent Threats (APTs) by hiding their attack infrastructure in the vastness of the Internet. If you are an analyst, you need a way to stay ahead of your foe. RiskIQ's PassiveTotal makes it easy for analysts to investigate threats, using critical data sets to reveal the full scope of the adversary's infrastructure. Once the adversary's digital footprint is illuminated, it's quicker and easier for an organization to respond to incidents and proactively defend its environment. RiskIQ's PassiveTotal founder and Sr. Product Manager, Steve Ginty, will demonstrate how effective it is to bring context to incidents using PassiveTotal.

In this webinar Steve will:
  • Show you how to use RiskIQ's PassiveTotal Platform to illuminate an attacker's infrastructure, improve analysis, visualize data, integrate toolchains, and block future attacks.
  • Provide an overview of infrastructure analysis and methodologies.
  • Demonstrate how to use IOCs to quickly map attack infrastructure.
  • Discuss the most useful datasets (e.g., WHOIS, DNS, SSL certificates) to bring context to an attack.

Speaker Bios

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013. He has 35 years' experience in computer, network and information security. Prior to joining the SANS Institute, Mr. Pescatore was Gartner's lead security analyst for 13 years, working with global 5000 corporations and major technology and service providers. Before joining Gartner, Mr. Pescatore was Senior Consultant for Entrust Technologies and Trusted Information Systems, where he started, grew and managed security consulting groups focusing on firewalls, network security, encryption and Public Key Infrastructures. Prior to that, Mr. Pescatore spent 11 years with GTE developing secure computing and telecommunications systems. Mr. Pescatore began his career at the National Security Agency, where he designed secure voice systems, and the United States Secret Service, where he developed secure communications and surveillance systems. He holds a Bachelor's degree in Electrical Engineering from the University of Connecticut and is an NSA Certified Cryptologic Engineer. He is also an Extra class amateur radio operator, callsign K3TN.

Stephen Ginty

Stephen Ginty, also known as Steve, is the Founder of RiskIQ's PassiveTotal, a powerful threat analysis and data visualization platform that surfaces the footprint of an attacker, making threat investigations and incident response quicker. Steve has more than nine years of experience in the IT Security Industry. He has spent the past five years researching targeted intrusions against Fortune 500 organizations. His experience includes leading a team of multi-disciplined researchers implementing proactive methodologies to track threat actor infrastructure and malware associated with attack activity. His primary areas of research include threat infrastructure analysis and threat data visualization.
