Conference:  Defcon 31
Authors: Lorenzo Cococcia
2023-08-01

Since the dawn of time, humans have been driven to discover new ways of determining their location, and the location of potential threats. In the realm of cyber threat intelligence, the ability to geolocate servers, for instance the one a C2 is running on, is crucial. As research in its early stages, this speech will delve into the exciting world of offensive geolocation. By leveraging inviolable physical laws, we can measure the time it takes for a signal to travel from an adversary to multiple network sensors, and use this information to accurately calculate their position. This technique, known as latency trilateration, has never been used before in the cyber realm, and has significant implications for threat intelligence, sandbox evasion, and even malware self-geolocation. I will also discuss potential limitations and challenges of this approach, as well as its broader implications and potential future developments in this emerging field.

Authors: Catalin Curelaru
2021-09-24

tldr - powered by Generative AI

The presentation discusses the importance of cyber threat intelligence in protecting applications and businesses. It provides insights on how to integrate it into an application security program and automate data collection and processing to prevent or mitigate cyber attacks.
  • Digital technologies have revolutionized the world's economic and cultural institutions but have brought additional risk in the form of cyber attacks
  • Cyber Threat Intelligence (CTI) is important in consolidating a company and protecting applications
  • CTI is the collection and analysis of information about cyber threats and adversaries to provide context and prevent/mitigate attacks
  • CTI should be objectively actionable and help reduce the effectiveness of cyber threats
  • CTI can be a driver for cybersecurity return on investment
  • CTI is lacking a methodology in the application world
  • Intelligence is often shared but hardly used and distribution is difficult
  • Lessons from the intelligence community can be applied to CTI