Wednesday, June 8 • 3:45pm - 4:30pm
OSTrICa – Open Source Threat Intelligence Collector – An OpenSource plugin-oriented framework to collect Threat Intelligence Information


Current approaches to protecting sensitive data, such as Intrusion Detection Systems, Anti-Virus programs and traditional Incident Response methodologies, are by themselves no longer enough to face today’s relentless threats. Cybercrime used to be a hobby. Now it is highly organized, more financially driven and in many cases operates much like a legitimate business, complete with organizational charts, C-level executives and even human resources departments. Cyber-threat actors are constantly improving their tools, techniques and procedures (TTPs) to gain access to companies’ valuable data.

According to the “2015 Verizon Data Breach Investigations Report”, in 60% of cases attackers are able to compromise organizations within minutes and 75% of the attacks spread from victim 0 to victim 1 within a day.

Cyber-attacks have changed, and it is extremely important to implement additional levels of protection to identify incidents and malicious events. Organizations need a holistic view of the threat landscape to proactively fight the multitude of new threats that companies can face every day.

This is where Threat Intelligence comes into play. Whether you are a SOC analyst, an incident responder or a cyber-security analyst, knowing more about attackers’ actions and correlating IoCs (Indicators of Compromise), network traffic patterns and any other collected data can give you a real advantage against cyber-enemies.
Unfortunately, not all companies have enough budget to spend on Threat Intelligence Platforms and Programs (TIPP); that’s why OSTrICa has been developed. OSTrICa is a free framework that allows everyone to automatically collect and visualize any sort of harvested threat intelligence data, from both open source and commercial sources, so that anyone can build a relevant and accurate threat profile from the information collected. Moreover, OSTrICa is Open Source and plugin-oriented, and it already comes with a set of plugins capable of collecting highly valuable information about suspicious domains, IPs, malware hashes, malware behaviour and much more.

If attack investigation and threat intelligence are on your agenda or among your top priorities, then this talk is for you. In this talk I will describe:
• The lifecycle of an attack (including APT - Advanced Persistent Threat)
• What Threat Intelligence is and why it is so important and useful for an organization, especially during Incident Response operations
• How powerful Open Source Threat Intelligence data can be
• What OSTrICa is and how important an open source, plugin-oriented framework can be during threat intelligence collection and attack investigation
• How OSTrICa works and what it can do with the current plugin set
• How to develop OSTrICa plugins
• Different scenarios where OSTrICa could be used

Note: An alpha version of OSTrICa will be released in June 2016 and will be available for download from my GitHub page (https://github.com/Ptr32Void/) together with all the plugins developed so far.
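To make the "plugin-oriented collector" idea concrete, the following Python example has been added to this page by the editor. It is not OSTrICa's code and does not use OSTrICa's plugin API (which the abstract does not describe); it shows the general shape such a framework takes: classify an indicator (IP, domain or hash), dispatch it to every plugin that handles that type, merge the results into one profile and pivot on the related indicators that come back. The class names, the `handles`/`run` plugin contract and the in-memory `_PDNS` and `_SANDBOX` tables are assumptions chosen for illustration; the tables are constructed sample data standing in for real passive-DNS and sandbox sources, so the script runs offline.

```python
"""Minimal plugin-oriented IoC collector (illustrative, not OSTrICa's code)."""
import ipaddress
import re

# IoC types the toy framework understands.
IP, DOMAIN, HASH = "ip", "domain", "hash"

_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)
# MD5 / SHA-1 / SHA-256 lengths only.
_HASH_RE = re.compile(r"^[0-9a-f]{32}$|^[0-9a-f]{40}$|^[0-9a-f]{64}$", re.I)


def classify(ioc):
    """Return the IoC type of a string, or None if it is not recognised."""
    ioc = ioc.strip()
    try:
        ipaddress.ip_address(ioc)
        return IP
    except ValueError:
        pass
    if _HASH_RE.match(ioc):      # checked before DOMAIN: a bare hex blob is never a domain
        return HASH
    if _DOMAIN_RE.match(ioc):
        return DOMAIN
    return None


class Plugin:
    """Assumed plugin contract: `handles` lists IoC types, `run` returns
    {"facts": {...}, "related": [(other_ioc, relation), ...]}."""
    name = "base"
    handles = ()

    def run(self, ioc, ioc_type):
        raise NotImplementedError


# Constructed sample data in place of a passive-DNS feed and a sandbox report store.
_PDNS = {
    "evil.example": ["198.51.100.7"],
    "198.51.100.7": ["evil.example", "cdn.evil.example"],
}
_SANDBOX = {
    "0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f": {   # placeholder MD5, not a real sample
        "verdict": "malicious", "contacted": ["evil.example"],
    },
}


class PassiveDNSPlugin(Plugin):
    name = "pdns"
    handles = (IP, DOMAIN)

    def run(self, ioc, ioc_type):
        rel = "resolves_to" if ioc_type == DOMAIN else "hosted"
        return {"facts": {}, "related": [(r, rel) for r in _PDNS.get(ioc, [])]}


class SandboxPlugin(Plugin):
    name = "sandbox"
    handles = (HASH,)

    def run(self, ioc, ioc_type):
        rec = _SANDBOX.get(ioc.lower())
        if rec is None:
            return {"facts": {}, "related": []}
        return {"facts": {"verdict": rec["verdict"]},
                "related": [(d, "contacted") for d in rec["contacted"]]}


def collect(seed, plugins, max_depth=2):
    """Run every applicable plugin on `seed`, then pivot on the related IoCs
    up to `max_depth` hops away. Returns {ioc: {"type", "facts", "related"}}."""
    profile = {}
    frontier = [(seed, 0)]                  # breadth-first so depth bounds the pivoting
    while frontier:
        ioc, depth = frontier.pop(0)
        if ioc in profile or depth > max_depth:
            continue
        ioc_type = classify(ioc)
        if ioc_type is None:                # unrecognised input is dropped, not guessed
            continue
        entry = {"type": ioc_type, "facts": {}, "related": set()}
        for plugin in plugins:
            if ioc_type in plugin.handles:
                out = plugin.run(ioc, ioc_type)
                entry["facts"].update(out["facts"])
                for rel_ioc, rel in out["related"]:
                    entry["related"].add((rel_ioc, rel))
                    frontier.append((rel_ioc, depth + 1))
        profile[ioc] = entry
    return profile


if __name__ == "__main__":
    prof = collect("0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f",
                   [PassiveDNSPlugin(), SandboxPlugin()])
    for ioc, entry in prof.items():
        print(ioc, entry["type"], entry["facts"], sorted(entry["related"]))
```

Starting from the placeholder hash, the sandbox plugin yields the contacted domain, passive DNS turns that domain into an IP, and the IP pivot reveals a second domain on the same host; `max_depth` stops the walk before that second domain is itself expanded, which is the control a real collector needs so that one noisy indicator (a shared hosting IP, say) does not pull in the whole internet.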

Speakers

Roberto Sponchioni

@Ptr32Void Roberto is a Senior Anti-Malware Engineer at Symantec Security Response Labs, where he deals with different kinds of malware and provides detailed analysis to customers. He also creates AV signatures and develops internal tools to automatically identify and detect new threats.


Wednesday June 8, 2016 3:45pm - 4:30pm BST
Track2 Main Hall, ILEC Conference Centre