Presented by Julian DeFronzo and Ben April
Most bad actors reuse infrastructure across multiple attacks, switching domains as they are taken down. It is important to expose the entire infrastructure in order to proactively block potential future attacks.
In this presentation, “One Bad Indicator Leads to Another,” Farsight Security Director of Research Ben April and ThreatQuotient Senior Solutions Architect Julian DeFronzo will walk you through a real investigation by starting with one domain and then exposing an entire hosting infrastructure using Passive DNS. Then they will illustrate the same investigation within the ThreatQuotient platform and show how the results can be utilized across the network in order to improve the accuracy and response time to cyberattacks.
Key Points include:
- Conducting a real investigation by starting with one domain and then exposing an entire hosting infrastructure using Passive DNS.
- Illustrating the same investigation within the ThreatQuotient platform.
- Demonstrating how the results can be utilized across the network in order to improve the accuracy and response time to cyberattacks.
Senior Solutions Architect
Julian DeFronzo is a Senior Solutions Architect at ThreatQuotient. As a member of the Threat Intel Services team, he is responsible for designing innovative integrations and performing research to enhance the ThreatQ platform. Julian was also a key member in the development of ThreatQuotient’s internal security program. Prior to joining ThreatQuotient, Julian worked in various roles ranging from security programs development, architecting security automation toolsets, and performing threat-hunting and data-analysis for a major MSSP. Julian enjoys working with data and improving its usability for security practitioners.
Director of Research
Ben April is the Director of Research at Farsight Security, Inc. Prior to joining Farsight, Ben spent eight years at Trend Micro, where he became the Americas regional manager of the Forward-looking Threat Research team. Ben has presented at security conferences on five continents, covering topics like Bitcoin, NFC, operational security and infrastructure security. He has built research systems for collecting and aggregating data, from Whois and the Bitcoin blockchain to the global routing table. His current crusade is to eliminate the technical and policy barriers that impede data-sharing among white-hat security researchers. “Once the good guys can share data as effectively as the criminals, we might have a chance.” Ben is also a volunteer sysadmin and coder for some community security projects.