28 November 2023
Webinar

Webinar | Exploring Golden Chicken Ransomware Group

Golden Chickens is the “cyber weapon of choice” for three of the top money-making, longest-running Internet crime groups, which are estimated to have collectively caused financial losses over USD $1.5 billion. eSentire’s Threat Response Unit has been monitoring the internet activities of the threat actor behind Golden Chickens – “VenomSpider” as named by CrowdStrike – for many years.

In this webinar, Nico Dekens and Aaron Dixon will use the seed data provided in eSentire’s investigations and demonstrate how to verify connections between VenomSpider’s username on a Russian-language hacker forum and a natural person’s identity. The investigation demonstrates how to effectively delve into relevant social media profiles, location of residence, background, and additional personal networks.

In this webinar, you’ll learn:

  • 04:57 eSentire’s Report on Golden Chickens
  • 06:42 Quick Overview of the Investigative Workflow
  • 10:40 Looking at eSentire’s Report with a Maltego Graph
  • 12:42 Starting with an Alias Entity
  • 16:52 Gathering Data with an Email Address
  • 27:45 Retrieving Password from Breach Entities
  • 32:11 Using another Alias Entity to Iterate Other Email Providers
  • 36:49 Bulk Search on an Alias Entity for Social Handles
  • 43:30 Digging More into the Email Address Entity
  • 48:57 Looking into the Target’s Facebook Profile
  • 54:12 Summary of the Demo and Hints for Further Investigation

About the Speakers

Aaron Dixon is a former member of the New Zealand military who has spent 6 years working as a consultant in the areas of IT Security and Compliance, Data Privacy, Digital Forensics and Cyber Threat Intelligence. He is currently completing a Master of International Security (Intelligence). His primary areas of interest are the core concepts of intelligence, terrorism and geo-political conflict.

Nico Dekens, known as the Dutch_OsintGuy online, is an All Source Analyst specializing in open source intelligence (OSINT), online human intelligence (HUMINT), and online investigations. He has over 20 years of experience as an All Source Intelligence Analyst at Dutch Law Enforcement.