├── .gitignore
├── README.md
├── hunting-bears-barry.pdf
└── hunting-bears-barry.pptx

/.gitignore:
--------------------------------------------------------------------------------
~*

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# NICAR19 Cyberwar

### Cyberwar: Investigating hacking by advanced actors
*Speakers: Rob Barry of The Wall Street Journal; Surya Mattu of The Markup*

How to investigate warfare’s newest front: the cyber realm. In this session we'll walk you through getting more information about this secretive world, including tracking down information about who owns what on the internet, disentangling server logs, studying IP addresses, and analyzing malware and emails, and more. We’ll also talk about some of the tactics advanced hackers have used in the past to penetrate sensitive networks--and how those efforts can provide clues in future attacks.

## Tipsheet

Here are some useful tools:

* [FarSight](https://www.farsightsecurity.com/solutions/) - Excellent source of passive DNS data. They like reporters, so reach out and ask them for an API key.
* [DomainTools](http://domaintools.com) - Historical WHOIS for domains; website snapshots; search WHOIS and historical WHOIS; SSL certificates
* [RiskIQ](https://community.riskiq.com/home) - Historical WHOIS for both IPs and domains; SSL certificates; email addresses; "trackers" (like Google Analytics code); passive DNS data.
* [SecurityTrails](https://securitytrails.com/) - Passive DNS data
* [PublicWWW.com](https://publicwww.com/) - Like Google, but also indexes HTML and JavaScript
* [BuiltWith](https://builtwith.com/) - Detects technologies used by websites
* [SimilarWeb](https://www.similarweb.com/) - Detects technologies used by websites
* [Shodan](https://www.shodan.io/) - Identifies devices and services on IPs
* [Censys](https://censys.io/) - Scans every IP on the internet and stores details
* [BGP Toolkit](https://bgp.he.net/) - Lots of information about ASNs and BGP routes, current and historical
* [Robtex](https://www.robtex.com/) - One-stop shop for lots of information about IP addresses and domains
* [Masscan](https://github.com/robertdavidgraham/masscan)/[NMAP](https://nmap.org/) - Tools for analyzing open ports on specific IP addresses
* [VirusTotal](https://www.virustotal.com/) - Analyze suspicious files and URLs to detect types of malware, see linkages
* [urlscan.io](https://urlscan.io/) - Scan content of any site, study all HTTP calls and lots of other information, historical search data
* [VMRay](https://www.vmray.com/) - Analyze what programs do (this thing is amazing)
* [WebRecorder.io](https://webrecorder.io/) - Capture interactive web sessions
* [Project Sonar](https://www.rapid7.com/research/project-sonar/) - DNS and SSL data. Good details [here](https://0xpatrik.com/project-sonar-guide/).

- [Aircrack-ng](https://www.aircrack-ng.org) - It's been around for ages and does all things Wi-Fi
- [Debookee](https://debookee.com/) - Easy-to-use network investigation tool. Has a lot of powerful features. Mac only, unfortunately
- [MITMProxy](https://mitmproxy.org) - Tool written in Python that makes it very easy to listen to network traffic going through your devices
- [N.S.HEyyyy](https://github.com/samatt/nsheyy_gui/releases) - This is a tool Surya made ages ago for Wi-Fi scanning in monitor mode on OSX. It probably doesn't work anymore, but the code for doing the scanning will still work if you need it
- [Herbivore](https://github.com/samatt/herbivore) - A tool made by Jen Kagan and Surya. It's a work in progress but is designed to be a gentle introduction to packet sniffing

https://docs.google.com/presentation/d/10lt6DY1qOcJF3yvxtXbsaDjvhEJZurs6jCiP2b5UJQ4/edit?usp=sharing

--------------------------------------------------------------------------------
/hunting-bears-barry.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/robbarry/nicar19-internetwar/552f128e8c90ccd6240fcc1e1d969e7696086ef3/hunting-bears-barry.pdf

--------------------------------------------------------------------------------
/hunting-bears-barry.pptx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/robbarry/nicar19-internetwar/552f128e8c90ccd6240fcc1e1d969e7696086ef3/hunting-bears-barry.pptx
--------------------------------------------------------------------------------