Following Threat Actors Rhythm to Give Them More Blues
Malachi Walker
Blacks in Cyber Village @ DEF CON 33 · Day 1
In his engaging talk, "Following Threat Actors Rhythm to Give Them More Blues," Malachi Walker, a Security Adviser at DomainTools, introduced a novel approach to cybersecurity investigations: **domain intelligence analysis**. This methodology leverages the inherent patterns in how threat actors set up and use online infrastructure, particularly within the **Domain Name System (DNS)**, to provide early warning signs and actionable intelligence. Walker's presentation emphasized that by understanding these rhythms, defenders can proactively identify and disrupt malicious campaigns, turning the tables on adversaries who often believe they need to be right only once.
AI review
A vendor-affiliated speaker doing an elaborate DNS scavenger hunt dressed up as threat intelligence methodology. The core content — query TXT, MX, CNAME records, decode Base16/Base64, pivot on infrastructure — is foundational stuff any CTI analyst learned five years ago. The framing is engaging and the demo format is creative, but there's no novel research here, no new attack surface, no threat actor data that isn't already in a DomainTools marketing brochure.