Profile

Charles Price

Senior Threat Researcher at Microsoft

Charles Price is a Senior Threat Researcher at Microsoft with twelve years of experience tracking state-aligned threats.

He enjoys finding new ways to isolate and improve signal on threat actors, especially if it involves mixing host- and network-based sources.

Prior to security work, he spent as many years building and running a regional ISP in the UK.

All Sessions

Day 2
May 10, 2024
11:15 am

CoTravel Analysis

Time: 11:15 am - 11:45 am
Speaker: Charles Price

In an era where threat actors constantly evolve their techniques to evade detection, the intelligence community faces significant challenges in tracking their digital footprints. Technologies like onion routing have long been exploited by adversaries to conceal the origin and content of malicious traffic. Recently, Microsoft has identified a shift in behaviour, with threat actors eschewing traditional Tor/VPS-based obfuscation methods in favour of bespoke networks built from compromised SOHO routers.

This new landscape presents an array of analytical hurdles:

  • Differentiating actor traffic from benign usage.
  • Associating specific actors with the networks they utilize.
  • Unravelling the construction and operation of these clandestine networks.

In response to these challenges, Microsoft threat researcher Charles Price unveils "CoTravel," an innovative threat intel tracking process. CoTravel examines actor identifiers and IP egress events over time, distinguishing patterns that reveal the shared infrastructure among seemingly disparate indicators. During the presentation, he will cover technical nuances of CoTravel, its integration into Microsoft's actor tracking effort, and the broader implications for threat intelligence research.