Threat intelligence with Dan Demeter

Dan Demeter, well-known security researcher in the Romanian information-security space.

In 2014, Dan joined Kaspersky as a malware Security researcher, since then he has worked with various advanced anti-malware solutions and

is currently working with Threat Intelligence in Kaspersky's Global Research and Analysis Team.

In this episode of Hacker talk, we deep dive into malware, threat intelligence, advanced persistent threats, security and defensive security with Dan.

Topics covered in this episode:

Getting into infosec

Romania in the early personal internet space, connecting rj45 network cables to potatoes

milw0rm, Bugtraq mailing list, backtrack, hell bond hackers

Capture the flag(CTF) competitions

Internet café

Threat intelligence

Security research

Kaspersky

Advanced persistence threats, what is an advanced persistence threat?

Finding advanced malware in the wild.

Threat levels for individuals

Threat modeling

Enterprise and consumer malware

Antivirus programs

targeted malware

malware for crypto-currency projects

finding advanced malware as a threat intelligence researcher

bypassing advanced malware checks

Reverse engineering malware

ollydbg, NSA decompiler

Malware obfuscation techniques

yara rules

wrapping malware with VM protect

Post exploitation

malware stages

Lazarus Malware, Bangladesh Cyber Bank Heist

Malware on sim-cards

Using satalite ip addresses

reporting malicious command and control servers

malware campaigns spreading in Romania

phishing and identity theft

Bring your own device policy

Stay safe working from home

Best ways to protect yourself online

Writing malware signatures and writing yara rules

malware similarity engines

Links:

https://hackthissite.org/

https://hbh.sh/home

https://en.wikipedia.org/wiki/Bugtraq

https://en.wikipedia.org/wiki/BackTrack

https://cnc-central.fandom.com/wiki/Command_%26_Conquer:_Red_Alert_-_Remastered

https://securelist.com/

https://securityespresso.org/

https://www.kaspersky.com/

https://twitter.com/kaspersky

https://twitter.com/_xdanx

https://en.wikipedia.org/wiki/OllyDbg

https://hex-rays.com/IDA-pro/

https://ghidra-sre.org/

https://vmpsoft.com/

https://github.com/ParrotSec/mimikatz

https://en.wikipedia.org/wiki/Lazarus_Group

https://en.wikipedia.org/wiki/Bangladesh_Bank_robbery

https://www.kaspersky.com/cyber-crime-lazarus-swift

https://www.kaspersky.com/about/press-releases/2021_security-analyst-summit-back-online-on-september-28-29

https://securelist.com/equation-group-from-houston-with-love/68877/

https://securelist.com/satellite-turla-apt-command-and-control-in-the-sky/72081/

https://www.nbcnews.com/tech/security/facebook-sues-israel-s-nso-group-over-alleged-whatsapp-hack-n1073511

https://en.wikipedia.org/wiki/Regular_expression

https://github.com/VirusTotal/yara

https://github.com/neo23x0

https://www.tripwire.com/state-of-security/featured/operation-shadowhammer-hackers-planted-malware-code-video-games/

https://en.wikipedia.org/wiki/Red_October_%28malware%29