The Darknet of Things: Hunting Cybercriminals

Published on Nov 23, 2022

SANS DFIR Summit 2022

Speaker: Sean O'Connor

WARNING: Beware of Bad Movie Puns

This isn’t your typical Dark Web presentation that only gives a 10,000-foot view of the Internet Iceberg. In this talk we will be diving much deeper (below sea level) to show attendees how to collect, analyze, and exploit Criminal Intelligence (CRIMINT) within the cyber underground and on the blockchain. We will start our adventure 20,000 Leagues Under the Sea, where you’ll witness topics ranging from ransomware operations to illicit cryptocurrency mixing services and darknet marketplaces. The next stop on this Journey to the Center of the Earth will be analyzing the techniques these criminals use to obfuscate their proceeds, such as sending funds to multiple intermediary wallets, chain-hopping, and the use of cash-out services to ultimately launder their funds.

Attendees will learn how forensic investigators can use blockchain analytics tools and techniques to cluster this activity to support attribution of criminal operations. We will then explore three case studies of criminals who operated within the cyber underground, and reverse engineer how government agencies were able to attribute these threat actors’ personas to the in-real-life (IRL) people behind the keyboards.

After attending this talk, you will be able to do some of your own Good Will (Threat) Hunting within the Cyber Underground and apply investigative techniques similar to those Law Enforcement uses to identify The Usual Suspects’ true identities. For more information on the topics covered in this presentation, you can take a sneak peek at the upcoming SANS FOR589 course that will be available to the public in 2023.

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE
