Andy Giron is a Senior Security Researcher at Datadog, where he focuses on the cloud threat landscape. Previously he was a Threat Researcher at Arista Networks specializing in network malware analysis, and an Incident Response Engineer who led the Cyber Threat Intelligence initiatives at Hulu. Prior to switching to the DFIR side of the house, Andy was a Security Engineer at Currency Exchange International. He enjoys all aspects of security and is an all-around breaker of things.

Presentations

22x

That One Time the Threat Actor Sent Me His Token

We all know honeypots can reveal interesting details about threat actors and their tactics, but it’s not every day that a threat actor sends you their own credentials. Operational security is hard. In this session, I’ll share how my team and I developed a simple Flask application to emulate an exposed Docker endpoint, and how an everyday log review led to the discovery of the X-Registry-Auth header. The header turned out to be a DockerHub token. I’ll take you down the rabbit hole of how my team and I pivoted for additional research and derived some level of attribution.
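The log-review step the abstract describes, as an added example that is not the speakers' honeypot or their code: stdlib-only Python that walks constructed honeypot request records, decodes any X-Registry-Auth header into the Docker Engine API's AuthConfig JSON, and records which kind of credential a client offered without keeping the secret itself. The one-JSON-object-per-request log format, the source addresses and the token value are all assumptions made for the sample.

```python
import base64
import hashlib
import json

def decode_registry_auth(value):
    # Engine API: base64url-encoded JSON AuthConfig; clients vary in alphabet and padding.
    padded = value + "=" * (-len(value) % 4)
    for decoder in (base64.urlsafe_b64decode, base64.b64decode):
        try:
            cfg = json.loads(decoder(padded))
        except ValueError:  # bad base64, bad UTF-8 or bad JSON
            continue
        if isinstance(cfg, dict):
            return cfg
    return None

def summarize_credential(cfg):
    # Keep the shape of what was handed over, never the secret itself; a short
    # hash is enough to correlate repeat hits by the same credential.
    kind = next((k for k in ("identitytoken", "password") if cfg.get(k)), "none")
    secret = str(cfg.get(kind, "")) if kind != "none" else ""
    return {
        "registry": cfg.get("serveraddress") or "(unset: client defaults to Docker Hub)",
        "username": cfg.get("username", ""),
        "credential": kind,
        "fingerprint": hashlib.sha256(secret.encode()).hexdigest()[:12] if secret else None,
    }

def review_log(lines):
    # Input: constructed honeypot format, one JSON object per request with 'src',
    # 'method', 'path' and 'headers'; one redacted finding per X-Registry-Auth hit.
    findings = []
    for line in lines:
        rec = json.loads(line)
        headers = {k.lower(): v for k, v in rec.get("headers", {}).items()}
        raw = headers.get("x-registry-auth")
        if raw:
            cfg = decode_registry_auth(raw)
            findings.append({"src": rec["src"], "path": rec["path"],
                             **(summarize_credential(cfg) if cfg else {"credential": "undecodable"})})
    return findings

# Constructed sample log: a version probe, then an image pull carrying a token.
_AUTH = base64.urlsafe_b64encode(json.dumps(
    {"username": "example-user", "identitytoken": "not-a-real-token"}).encode()).decode().rstrip("=")
SAMPLE_LOG = [
    '{"src":"203.0.113.7","method":"GET","path":"/v1.41/version","headers":{"User-Agent":"Docker-Client/20.10.7"}}',
    '{"src":"203.0.113.7","method":"POST","path":"/v1.41/images/create?fromImage=alpine",'
    '"headers":{"X-Registry-Auth":"' + _AUTH + '"}}',
]
```

An empty or missing serveraddress is worth flagging explicitly, since that is the case where the client is talking to Docker Hub.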

See Presentation