In this talk, we're going to share two interesting stories about catching high-value threat intelligence in the wild. We'll discuss what it takes to uncover these threats and what challenges we faced along the way.

The first story takes us back to October 2023 when Talos reported that threat actors were exploiting vulnerabilities in Cisco IOS XE Software Web Management User Interface. Patches to fix these issues started coming out after October 22nd. In the meantime, Cisco suggested turning off internet access to the Web Management User Interface. We were not satisfied with this solution, so, before patches were available, we looked for a proof of concept – but there was none. However, we all knew that threat actors were taking advantage of the weakness. So, we set up a honeypot and did some patch diffing. The results surprised us.

The second story is about an incident response situation where we found a new, not well-known technique for stealing credentials. Despite the presence of one of the top-tier Endpoint Detection and Response (EDR) systems in the industry, no alarms were set off.

From the proactive approach of setting up honeypots to uncover vulnerabilities before patches are available, to finding undetected techniques during incident response engagements, these two stories offer valuable insights into the pursuit of high-value threat intelligence.

If you take security seriously, you should not miss this talk!
  • Danijel Grah
    Danijel Grah has over a decade of experience in the field of cybersecurity. He began his career as a consultant, later moved into research, and today at Conscia he works as a cyber security analyst in the Security Operations Center (SOC).

    Danijel has rich experience in penetration testing and security hardening, programming, consulting, and developing cyber defense systems. He has published and presented research papers at various international conferences in the field of information security, and he has confirmed his knowledge and experience with industry certificates such as GRID and GCRF.