Ronan Mouchoux
Last known affiliation: XRATOR
Bio: Ronan is the cofounder and the Chief Product & Engineering Officer at XRATOR, a cyber risk quantification SaaS platform. With degrees in Network Engineering and Criminal Sciences, he has spent most of his career analyzing and documenting sophisticated cyber threats as a Cyber Threat Intelligence Analyst.
Ronan Mouchoux 🗣 | François Moerman 🗣
Abstract
This presentation describes a system that ingests natural-language threat reports and uses Natural Language Processing to generate a graph-based model, using the STIXv2 structured language and a relational database. The natural language expressions are normalized using MITRE structured vocabularies and industry-recognized threat actor catalogs. To uncover potentially missing threat report information, we apply the Apriori association rule learning algorithm to a threat report, based on the structured knowledge we model.
Ronan Mouchoux 🗣 | Ivan Kwiatkowski 🗣
Abstract
With connected societies facing ever-evolving risks, traditional cyber security solutions have been charged with incompetence by the popular jury. Yet they are doing what they were designed for; the rise of targeted attacks and the maturation of advanced cybercrime force defenders to find new ways of fighting the ghosts in the machines. Cyber Threat Intelligence has been emerging for about a decade now, bringing a new mindset, tools and methods to the overall InfoSec community. After recalling what this activity consists of, this conceptual presentation will focus on Tactical Threat Intelligence. Starting from the diagnosis that adversary behaviour analysis has mainly been hijacked to provide technical indicators and strategic feedback, we will review today's methods and tools used for cyber threat profiling and describe the limitations or problems they pose for Intelligence Tradecraft specialists. Moved by the impression that today's Tactical Threat Intelligence is rarely, so to speak, turned into action, we will finally explore new leads that could make the discipline more operationally concrete and help tactical analysts on the difficult path to automating tasks in a domain heavily influenced by psychology.
Ronan Mouchoux 🗣
Abstract
This presentation aims to explain how MalwareTrap works. MalwareTrap is a DNS resolution traffic analysis platform deployed in a major French company's network. It was created to complement internal anti-malware protections. It constantly listens to the internal DNS resolution traffic between workstations and the internal DNS. When it spots a DNS request for a domain name that MalwareTrap considers a security threat, the internal DNS replies not with the domain name's real IP but with the IP of MalwareTrap's entry point. The suspicious workstation then talks to MalwareTrap as if it were the server behind the domain name.