Hunting bad guys that use TOR in real-time w/ Milind Bhargava - SANS DFIR Summit 2020

SANS Digital Forensics and Incident Response
As cybercrime has become commonplace, Tor has been the tool of choice for attackers due to the inherent anonymity it provides. But what if you, an Incident Responder, could acquire additional pieces of the puzzle relating to the activities performed by the attacker in order to paint a clear picture of what occurred during the incident?

The outcome of our research demonstrates how viewing the communications leaving and entering the Tor network gives an unprecedented understanding of the thought process and, most importantly, the techniques and malware used by the malicious actors. It also offers a live sneak peek into their different activities, allowing an Incident Responder to provide a more conclusive answer to “how” the organization was attacked.
But even more importantly, we have developed a capability for Incident Response teams to not just stop their investigation at the Tor node, but to follow the breadcrumbs of an attack even further and finally provide a conclusive answer to the most asked question – was anything taken?

Milind Bhargava, Founder, Mjolnir Security

The annual SANS Digital Forensics & Incident Response (DFIR) Summit is the most comprehensive DFIR event of the year, bringing together a passionate and influential group of experts, cutting edge research and tools, immersive training, and industry networking opportunities. Learn more about this event at

DFIRCON 2020 - Live Online
sans.org/event/dfircon-2020-live-online
Virtual, US Eastern | Mon, Nov 2 - Sat, Nov 7, 2020

Courses Available:
FOR308: Digital Forensics Essentials - NEW
FOR498: Battlefield Forensics & Data Acquisition
FOR500: Windows Forensic Analysis
FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
FOR518: Mac and iOS Forensic Analysis and Incident Response
FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
FOR578: Cyber Threat Intelligence
FOR585: Smartphone Forensic Analysis In-Depth
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
