Will Thomas
Currently working as a Senior Threat Intel Advisor at Team Cymru. Previously Will was a CTI Researcher and Threat Hunter at the Equinix Threat Analysis Center (ETAC). Prior to this, I worked for Cyjax, a UK-based CTI vendor. His other main commitment is as the co-author of the SANS FOR589: Cybercrime Intelligence course. I have also volunteered my spare time to being the co-founder and main organiser of the Curated Intelligence trust group, Bournemouth 2600, and BSides Bournemouth.
Session
This talk will discuss how Team Cymru can track North Korea Threat Actor Infrastructure using our network intelligence collection. Using real-world examples, attendees will see how using NetFlow, Open Ports data, PDNS, and X509 certificates it is possible to monitor the activities of one of the world's most advanced financially motivated state-sponsored campaigns.