Slideshows by User: RyanKovar (SlideShare feed, Mon, 29 Jan 2018 20:34:07 GMT)

The Hidden Empires of Malware with TLS Certified Hypotheses and Machine Learning (/slideshow/the-hidden-empires-of-malware-with-tls-certified-hypotheses-and-machine-learning/86874128)
The threat hunting landscape has drastically changed due to the increase in encrypted transport layer security (TLS) Internet traffic. The days of adversaries registering domains with their given names are gone, and malicious actors increasingly use malware that takes advantage of TLS encryption to hide their tracks. Yet, even in this brave new world of altered tactics, techniques, and procedures, adversaries leave clues that can expose their infrastructure. To find these clues, however, blue teams need to learn some new tricks. This talk focuses on expanding on techniques that have been researched and presented at various conferences by Mark Parsons, and specifically on his methods for using TLS certificates to find malicious malware infrastructure. We will build on Parsons' body of work and show how his approach to malware certificate hunting can be expanded to detect instances of PowerShell Empire servers that have self-generated SSL certificates on ports 443 and 8080. These certificates have a unique fingerprint that can be detected by leveraging tools like zmap/zgrep, Python, and statistics/machine learning. The results of this research will show how network defenders can find previously unknown instances of malicious infrastructure communicating with their network and prevent them in the future. Finally, we will discuss our creation of hypotheses, code and techniques, and methods of validation for verification. We'll then release our tools and methodology for use by the community to explore other potential hidden empires of malware.
Published: Mon, 29 Jan 2018 20:34:07 GMT, by Ryan Kovar

Hidden empires of malware (/RyanKovar/hidden-empires-of-malware)
The landscape of "threat hunting" has drastically changed due to the increase in TLS-encrypted Internet traffic. The days of adversaries registering domains with their given names are gone, and malicious actors increasingly use malware that takes advantage of TLS encryption to hide their tracks. Yet, even in this brave new world of altered TTPs, the adversaries leave clues that can expose their infrastructure. To find these clues, however, blue teams need to learn some new tricks. Our talk focuses on expanding upon techniques that have been researched and presented at various conferences by Mark Parsons, specifically his methods for using TLS certificates to find malicious malware infrastructure. We will build upon Parsons' corpus of work and show how his approach to malware certificate hunting can be expanded to detect instances of PowerShell Empire servers that have self-generated SSL certs on ports 443 and 8080. These certificates have a unique fingerprint that can be detected by leveraging tools like zmap/zgrep, Python, and statistics/machine learning. The results of this research will show how network defenders can find previously unknown instances of malicious infrastructure communicating with their network and prevent them in the future. Finally, we will discuss our hypothesis creation, our code and techniques, and our methods of validation for verification, and release our tools and methodology for use by the community to explore other "hidden empires" of malware that may exist.
Published: Tue, 09 Jan 2018 21:44:16 GMT, by Ryan Kovar

10(?) holiday gifts for the SOC who has everything (/slideshow/10-holiday-gifts-for-the-soc-who-has-everything/82928322)
Automating your organization's security operations is no longer optional. It's essential. Increasing analyst productivity and decreasing response time can mean the difference between successfully containing an attack and suffering a devastating breach. This talk will focus on ten practical automation techniques, each implemented in either Python or PowerShell, that extend the functionality of a popular commercial SIEM. Each technique will demonstrate how to automatically gather additional context on an alert, make configuration changes in an operational environment, or retrieve and analyze forensic evidence. Proof-of-concept code samples and live/recorded demonstrations will be provided.
Published: Tue, 28 Nov 2017 21:37:00 GMT, by Ryan Kovar

SOCs for the rest of us (/slideshow/socs-for-the-rest-of-us/76769116)
In this talk we will discuss key traits of some of the largest and most successful security operations centers we've visited over the last two years. From automating tier 1 to integrating investigations into Slack channels, from curating toolchains to cutting out threat feeds, we'll cover what's working well and what challenges remain. Many industry verticals will be represented, including financial services, multinational conglomerates, entertainment, healthcare, energy, defense, technology, and dynamic Internet startups.
Published: Thu, 08 Jun 2017 14:49:08 GMT, by Ryan Kovar

How to be employed at the SOC of tomorrow... today. (/slideshow/how-to-be-employed-at-the-soc-of-tomorrow-today/76768878)
For years, information security professionals have become used to 0% unemployment. However, machine learning is beginning to radically change the information security landscape. How do we deal with these upcoming shifts in technologies and skill sets? This talk focuses on what those changes are and how employees and employers can prepare for the SOC of tomorrow.
Published: Thu, 08 Jun 2017 14:41:55 GMT, by Ryan Kovar

Threat Intelligence Victory Garden (/slideshow/threat-intelligence-victory-garden-71596588/71596588)
Creating, capturing, and using your own threat intelligence with open-source tools.
Published: Tue, 31 Jan 2017 16:42:55 GMT, by Ryan Kovar

stoQing your Splunk (/slideshow/stoqing-your-splunk/63505854)
stoQ is an open-source DFIR analysis framework that allows for plug-and-play automated analysis of threats into a datastore of the analyst's choice. When combined with a data exploration tool like Splunk, it allows analysts to simplify repetitive analytic tasks (running YARA signatures, checking hashes against VirusTotal, XOR and ROT13 decoding, extracting links from emails, and much more) and quickly correlate against other data sources or threat intelligence offerings to better visualize the threats to their network. In this talk we will cover what stoQ is, how it works, and show a demonstration of how you can leverage its capabilities with Splunk. We will also be releasing a free Splunk app that will allow anyone with Splunk to start leveraging stoQ today. Attendees will learn: how to streamline the analysis of malicious files and network traffic using a flexible open-source DFIR framework; how to view that data and use it in an incident; and how to install and configure the stoQ and Splunk instances for use when they get back to their own offices.
Published: Tue, 28 Jun 2016 01:33:52 GMT, by Ryan Kovar