This presentation will discuss findings from running multiple sinkholes over the past year. I have purchased multiple domains associated with 'APT' activity after the domains have expired. I will discuss initial expectations before beginning this journey and then discuss actual results and findings. To assist other researchers, suggestions and lessons learned from this experiment will be shared.
Mark Parsons is a developer and threat analyst for King and Union. Previously, he has worked at a civilian federal agency doing incident response and threat intelligence. He has spent the past several years working on creating solutions that allow threat analysts and net defenders to spend more time looking at data rather than collecting it. Mark has previously spoken at BSIDES Charm, ArchC0n and the Sans CTI Summit.