DomainTools 101: The Art of Tracking Threat Actors

Threat Intelligence in the Real World

There’s a lot of hype surrounding the topic of “threat intelligence,” so we held a networking breakfast where attendees had an opportunity to cut through the noise and learn about real-world applications of threat intel for incident response and situational awareness. Incorporating Open Source Intelligence (OSINT) and enrichment data (such as domain names, passive DNS, IP addresses, Whois records, and reputation scores) into your security framework is less intimidating than you might think.

Matt Kodama (VP of Product at Recorded Future), Mark Kendrick (Director of Solution Engineering at DomainTools), and Merike Kaeo (CTO at Farsight Security) put together this educational session to introduce specific techniques you can use as soon as you get back to your desk.

This seminar focuses on how to:

  • Identify fruitful sources of open source intelligence (OSINT) to conduct adversary analysis during known or suspected breaches;
  • Create maps of threat actor infrastructure that can help you spot earlier incursions and defend against current and future attacks;
  • Use easily discoverable information about threat actors to triage indicators of compromise (IoCs) during known or suspected breach activity;