Overview

Brandon Dixon and Benjamin Powell present the RiskIQ Threat Hunting Workshop.  The workshop is broken down into two sections.  Part one is the Methodologies for Threat Analysis.  Part two discusses data sources and reviews specific use cases that highlight RiskIQ's data sets utilizing Threat Infrastructure Analysis Methodologies.

Threat Infrastructure Analysis

The attackers' outside perspective enables them to take advantage of your continually expanding web and mobile presence that operates outside of your firewall.

Approaching and interacting with the web and mobile properties as a real user would, RiskIQ technology disarms attackers' evasion techniques, collects user session data, and detects phishing, malware, rogue apps, unwanted content, and domain infringement at scale to deliver actionable, event-based threat alerts and workflows.

As more threat data becomes available, more tools, education, and effort are required by analysts to understand the data sets and their corresponding threats. RiskIQ’s PassiveTotal unifies these efforts by providing a single view into multiple data sources.

YouTube Channel Links

Part One: Introduction and Methodologies

https://www.youtube.com/playlist?list=PLgLzPE5LJevb_PcjMYMF2ypjnVcKf8rjY

Part Two: Data Sets and Examples

https://www.youtube.com/playlist?list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9

Part One

Youtube Video Links:

1 - Methodologies for Threat Analysis - Intro & Threat Analysis Lifecycle

https://www.youtube.com/watch?v=Y-l_cs7snu8&index=1&list=PLgLzPE5LJevb_PcjMYMF2ypjnVcKf8rjY&t=0s

2 - Methodologies for Threat Analysis - You can't avoid the internet

https://www.youtube.com/watch?v=vOxK6763Yog&index=2&list=PLgLzPE5LJevb_PcjMYMF2ypjnVcKf8rjY&t=0s

3 - Methodologies for Threat Analysis - Signals to the rescue

https://www.youtube.com/watch?v=Jgp5D0QCzlo&t=0s&list=PLgLzPE5LJevb_PcjMYMF2ypjnVcKf8rjY&index=3

4 - Methodologies for Threat Analysis - TIA

https://www.youtube.com/watch?v=ot_-G5FBwpg&t=0s&list=PLgLzPE5LJevb_PcjMYMF2ypjnVcKf8rjY&index=4

5 - Methodologies for Threat Analysis - Forming infrastructure chains

https://www.youtube.com/watch?v=2AhMOAZQ0D8&t=0s&list=PLgLzPE5LJevb_PcjMYMF2ypjnVcKf8rjY&index=5

6 - Methodologies for Threat Analysis - Analyzing the layers

https://www.youtube.com/watch?v=_j7hZzVyzNc&t=0s&list=PLgLzPE5LJevb_PcjMYMF2ypjnVcKf8rjY&index=6

7 - Methodologies for Threat Analysis - Caveats to TIA

https://www.youtube.com/watch?v=Rp3fTGjncOw&t=0s&list=PLgLzPE5LJevb_PcjMYMF2ypjnVcKf8rjY&index=7

8 - Methodologies for Threat Analysis - Why apply TIA in your organization

https://www.youtube.com/watch?v=vXwfyIJy2cM&index=7&list=PLgLzPE5LJevb_PcjMYMF2ypjnVcKf8rjY

Part Two

Youtube Video Links:

1 - THW Data Sets - Intro & Account Settings

https://www.youtube.com/watch?v=-eOsN7zLSMg&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9&t=0s&index=1

2 - THW Data Sets - Resolutions

https://www.youtube.com/watch?v=k031O6d8LLo&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9&index=1

3 - THW Data Sets - DNS

https://www.youtube.com/watch?v=36O1OKJh95k&index=2&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9

4 - THW Data Sets - Subdomains

https://www.youtube.com/watch?v=dHDmNgrr8-8&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9&index=3

5 - THW Data Sets - WHOIS

https://www.youtube.com/watch?v=qGGq4SKOC5o&index=5&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9&t=0s

6 - THW Data Sets - Creating Chains

https://www.youtube.com/watch?v=012mLuCKprk&t=15s&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9&index=6

7 - THW Data Sets - Hashes

https://www.youtube.com/watch?v=NJlkCIXrgcg&index=7&t=5s&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9

8 - THW Data Sets - OSINT

https://www.youtube.com/watch?v=bno8CFZea5M&index=8&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9&t=0s

9 - THW Data Sets - Email Investigation

https://www.youtube.com/watch?v=UYLhGfUsLNA&index=9&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9&t=0s

10 - THW Data Sets - Projects

https://www.youtube.com/watch?v=43iIiKcECUM&t=2s&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9&index=10

11- THW Data Sets - Utilizing Projects in an Investigation

https://www.youtube.com/watch?v=sWrvlH9SSts&index=10&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9

12 - THW Data Sets - PDNS & WHOIS Investigation

https://www.youtube.com/watch?v=_LMumtAVePA&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9&t=0s&index=12

13 - THW Data Sets - Increasing Signal Collection & How Virtual User Crawler Works

https://www.youtube.com/watch?v=HmefeJU4SWE&t=43s&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9&index=13

14 - THW Data Sets - What is in a website

https://www.youtube.com/watch?v=kWJH4DTKX70&index=14&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9&t=11s

15 - THW Data Sets - Operationalizing Crawl Data

https://www.youtube.com/watch?v=_Sei-87Lrn8&t=26s&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9&index=15

16 - THW Data Sets - Certificates

https://www.youtube.com/watch?v=gT32VeQLG2g&index=15&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9

17 - THW Data Sets - Trackers

https://www.youtube.com/watch?v=YAjC-ho640g&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9&index=16

18 - THW Data Sets - Increased Visibility

https://www.youtube.com/watch?v=ROhiXWeJ5QE&index=17&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9

19 - THW Data Sets - Host Pairs

https://www.youtube.com/watch?v=izUwu9juCHU&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9&index=18

20 - THW Data Sets - Crawl Data Investigation

https://www.youtube.com/watch?v=uceLmvKEReI&index=19&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9

21 - THW Data Sets - Components

https://www.youtube.com/watch?v=OBHMuEzPg8o&index=20&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9

22 - THW Data Sets - Cookies

https://www.youtube.com/watch?v=xWNrEOb4khw&index=21&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9

23 - THW Data Sets - Domain Artifact Investigation

https://www.youtube.com/watch?v=ZWg5cDxXAR8&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9&index=22

24 - THW Data Sets - Digital Footprint

https://www.youtube.com/watch?v=99B8fLIlm-Y&list=PLgLzPE5LJevYLWdBzPcxZ0ozFjpmHBPN9&index=23