What’s inside the open directory from 96 different threat actors?
2024-12-14, Track 2

This talk examines how 96 threat actors disclosed their systems, logs, and tools in open directories, providing unique insights into their tactics and operations in real-time.


Understanding the TTPs used by threat actors usually happens only after an incident, when the damage is already done, and rests on inferences from what the actors allow us to see. What if analysts had full access to exactly how these actors operate: the commands they ran, their targets, accurate geolocations, tools, and more? Luckily, over the last few years, 96 brazen threat actors, ranging from script kids to alleged APTs, decided to publish their systems, bash_history, log files, configs, source code, and more in open directories. Hopefully this talk begins to explore such open data.

Alana is a final-year student with a few years of industry experience, previously in threat intelligence and more recently as a security engineer.

When she is not nerd-sniped by Bleeping Computer articles or CTF challenges, she can be found in a rock climbing gym or exploring new cafes, documenting them in an endless spreadsheet (https://brownbearsec.github.io).