GrrCon 2016 – Using Virus Total Intelligence to track the latest Phishing Document campaigns

One of the biggest problems many in this industry have is taking advantage of good Intelligence sources such as Virus Total and using it to stay one step ahead of the attacker. If you get some intel how far can you really pivot with that information? If you can write yara rules not only can you track these waves of phishing campaigns you can actually stop them. I will show you some research I have been working on and how I can take one phishing document and find thousands more just like it to identify all of the c2 servers, not just one or two. Get ready to track the threat groups yourself!
For More Information Please Visit: http://grrcon.com/
http://www.irongeek.com/i.php?page=videos/grrcon2016/mainlist

Source: SecurityTube.Net @ March 5, 2017 at 06:37PM

0
Share