Threat Intelligence Benelux Summit | Anomali

Threat Intelligence Benelux Summit
Wednesday, November 13, 2019

About The Event

Anomali, Group-IB and SiloBreaker are hosting a complimentary informative full day focused on cyber threat hunting during a conference in Amsterdam on the 13th of November. Industry-leading threat intelligence experts will share their thoughts on today’s adversaries and their attack techniques and how to hunt them.

Who Should Attend

This one-day session is intended for both CXO and Sr. Technical Staff. Anticipate walking away from the seminar with tangible information for your teams to research within your own environments.


DoubleTree Hilton
Oosterdoksstraat 4, 1011 DK Amsterdam, Netherlands


  • Anomali
  • Group-IB
  • ING
  • Silobreaker

"Silence: going global"

In September 2018, Group-IB released Silence: Moving into the dark side, the first comprehensive technical research on the group’s attacks. The analysis remains the most complete source of technical information about the infrastructure and tools the cybercriminals used between June 2016 and April 2018. Since that time, however, the geography of the group’s attacks, some of their tools, and other important elements characteristic of Silence have changed. Group-IB experts continuously monitor the cybercriminals’ activities and in August 2019 published Silence 2.0: Going global, additional research about the threat actor’s evolution, tactical changes, and new targets.

Rustam Mirkasymov, Head of Dynamic Analysis Department & Threat Intelligence Expert, Group-IB
Rustam is responsible for malware analysis and APT research. He graduated from Moscow Engineering Physics Institute, Department of Cybernetics, in 2013. Before joining Group-IB, he worked as a reverse engineer looking for software and browser vulnerabilities. He decided to use the skills acquired through his education and professional experience to fight cybercrime throughout the world on a daily basis. Rustam joined Group-IB as a malware analyst in 2014. He helped to establish Group-IB’s Threat Intelligence department. As a head of dynamic analysis department, he has been researching various threat actors and hacker groups. He is a co-author of Group-IB’s widely known reports on infamous hacker groups, such as Anunak, Cobalt, Lazarus, Buhtrap, MoneyTaker and Silence.

“A Full Cycle Investigation of Phishers Targeting EMEA”

Threat Intelligence has identified and analyzed 2.6 million unique phishing URLs on 727, 000 domains, which is a 9 per cent increase from 2018. Phishers specializing in massive cyber-attacks use so-called phishing kits — fully-fledged phishing websites that contain configuration files that define a site’s algorithms and specify the recipient for the compromised data. This presentation provides a detailed and technical analysis of how phishing sites were detected, the methods used to automate the collection of phishing kits, how to automate the capture of credentials that are stored in phishing logs, and the techniques used in online investigations of cybercriminals managing this type of infrastructure.

Camill Cebulla, EMEA Business Development Director, Group-IB
Camill is responsible for the EMEA region at Group-IB, one of the global leaders in preventing and investigating high-tech crimes. Group-IB has a wealth of experience solving cybercrimes around the world, with in-depth and unparalleled expertise in the case of Russian speaking criminal groups. Camill works closely with the analytical teams at Group-IB to share threat intelligence with end customers. All along his career Camill has worked as an international consultant in Europe. Camill actively shares knowledge at global cyber security events including SecurityWeek CISO Forum in California, USA, the BRAIN Convention in Bangkok, Gartner Security & Risk Management Summit, etc.

"Cyber Intelligence Starts Here"

AJ Nash, the Director of Cyber Intelligence Strategy for Anomali, will be providing an informative presentation on building effective cyber intelligence programs. He will walk through the problems most companies face, some fundamentals of intelligence, the keys aspect to focus on in building and maintaining an effective intelligence program, and samples of how mature intelligence programs are structured and function. Other topic highlights include; vendor and source selection, personnel challenges, budgeting and project planning to improve your intelligence posture.

AJ Nash, Director of Cyber Intelligence Strategy, Anomali
AJ Nash has more than two decades of experience in intelligence collection, analysis, reporting, briefing, process improvement, and leadership. Prior to Anomali, he was a Senior Manager of Cyber Threat Intelligence at Capital One, Global Head of Cyber Intelligence at Symantec, and a guest lecturer at several universities. His background includes time spent in the United States Air Force, the National Security Agency, and the United States Cyber Command.

"Data as the Adversary: Understanding Threats in an Unstructured World"

Context is essential to understand the bigger picture around cyber threats. These findings are more likely to come from external unstructured data than technical threat feeds. Looking outside the perimeter is becoming a ‘must-have’ for a proactive intelligence effort. But where do you look and how do you find value?

Max Mansson, Client Director UK-Europe, Silobreaker
As a Silobreaker Client Director, Max works closely with security teams in both private and public sector organisations. His in-depth understanding of complex security and intelligence requirements across multiple industries, combined with his expertise in how technology can be used for extracting relevant and timely insights from large data-sets, enable him to help customers find value or mitigate risk across numerous use-cases.

"OSINT – Software & Brainware"

Modern OSINT has some 30 years in the making, but many of the processes and products we were discussing back in 1990 have not changed. Many national, as well as corporate, intelligence services are inept at dealing with OSINT due to the rapid pace of openness, which contradicts their security protocols and culture. Real OSINT requires a creative and open environment that focuses on the deliverable, and is open for ever-evolving processes. Tools are secondary and not always necessary. Thirty years of experience in practice, problem-solving, and the use of dynamic technology will be shared in this session.

Mats Bjore, Co-Founder and Non-Executive Director, Silobreaker
Mats founded the intelligence & advisory firm Infosphere AB in 1999, a company he still owns alongside his ownership in Silobreaker. Before this, he served three years as Knowledge Manager for McKinsey Scandinavia and operated in numerous capacities within the Swedish Military & Intelligence Services, notably as its Head of Open Source Intelligence. This position saw Mats honored with the Swedish Royal War Academy silver medal for the initiation of Open Source Intelligence in Sweden. He now provides OSINT support for clients in Europe, the Middle East, and the Americas.

"Protecting the Herd: Why Information Sharing Matters"

Cyber attacks are ever-evolving and increasing in both frequency and sophistication, resulting in challenges to enterprises that must protect and defend their information systems and networks. A method for thwarting adversaries and improving security posture is to work collaboratively with industry peers and exchange threat intelligence and defensive measures. This sharing of information between organizations helps enhance members ability to detect, understand, and characterize malicious activity in support of well-informed risk-based decision-making.

Roberto Sanchez, Director of Threat & Sharing Analysis, Anomali
Roberto Sanchez is a career-long intelligence officer with tactical, operational, and strategic level experience working diverse issues from counterterrorism to cybersecurity. He has a broad background leading intelligence and reconnaissance teams in the U.S. Marine Corps, cyber intelligence teams at the National Security Agency (NSA), and delivering threat intelligence at multiple commercial and defense contracting companies. Roberto is passionate about intelligence and cybersecurity and enjoys sharing his knowledge and experiences with both the public and private sectors. He is currently responsible for leading intelligence strategy at Anomali and promoting the value of threat intelligence across the wider security community.

"Keys to Unlocking a Strong Threat Intelligence Program"

This talk will discuss the keys to measure a successful threat intelligence program, and how it relates to a company’s overall cybersecurity strategy.

Nicholas Hayden, Global Head of Threat Intelligence, Anomali
Nicholas is currently the Senior Director of Threat Intelligence for Anomali. For the past 20+ years Nicholas has dedicated his expertise and commitment to the field of Information/Cyber Security. He’s a co-founder for ISC2 New Hampshire Chapter, international speaker on the topics of Cyber Security Strategy, building effective cyber security team, and how to implement cyber threat intelligence into existing Cyber Security programs. He’s participated in several US national exercises in a variety of roles: A Lead Planner, Blue Team Member and Blue Team Lead. Additionally, to he continues to make an impact at the international level, as a member of OASIS STIX/TAXII committee.

"The Importance Of Requirements In Extracting Cyber Threat Intelligence Value"

Creating business value from CTI relies on a nuanced understanding of the information needs of the key stakeholders in your organisation. In this presentation, I discuss the difficulties CTI teams run into when gathering and maintaining requirements from stakeholders and propose practices that can help alleviate such issues.

Greg Wilkinson, Threat Intelligence Lead, ING
Greg is the Cyber-Intelligence lead Analyst at ING with a focus on building the intelligence-driven security operations environment for the future. His specific interests and expertise include threat actor tracking and threat hunting workflows.


10:00 - 10:30Registration, Networking & Coffee
10:30 - 12:00Sessions
12:00 - 13:00Lunch
13:00 - 17:00Sessions
17:00 - 19:00Networking Drinks & Snacks

Save Your Seat