Page 1
Building a Better APT Package
Gunter Ollmann, CTO, IOActive Inc.
Session ID: STU-W23B
Session Classification: Intermediate
Page 2
About Me
► Gunter Ollmann
► CTO - IOActive
► University of Georgia Advisory board
► Formerly:
► Damballa CTO & VP Research
► IBM Chief Security Strategist
► ISS Director of X-Force & EMEA SAS
► NGS Professional Services Director
► Can be found/followed/located at:
► Email [email protected]
► Twitter - @gollmann
Page 3
Advanced “Classic”
► Advanced
► Persistent
► Threat
APT
Targeted Threat
► Scary Stuff
Page 4
Weaponization Teeter-totter
[Figure: a teeter-totter balancing Cost ($$$) against Stealthiness (Prob. Detection)]
Page 5
Cybercrime Evasion
► Outsourcing of all complex bits
► Commercial tools for evasion
► Quality Assurance services
► Subscription services to check every malware against all current enterprise network and host-based detection technologies
Page 6
► Multiple campaigns, multiple vectors, multiple tools
► Constant information gathering
► Mapping networks, host configurations, incident response metrics
► Tie in to organized crime and cybercrime units
► Buy the info or access
► Mingle cyber with physical world
Page 7
Stealth within an Onslaught
► Bypassing automated defenses
► Sandboxing/Virtual
► Live Exchange connector & address book
► Age of browser cache
► Webex connectors, etc.
Page 8
Breaking the Supply Chain
► Who needs the front door?
► Other devices being carried in past perimeter (BYOD)
► Substitution of physical components
► Spotting chip & board changes?
► Incorporation of custom FPGA logic, etc.
Page 9
► Most commercial crimeware techniques are already sufficient
► Buffer overflow conditions
► 0-day, shmo-
► Not normally needed.
► Often increases probability of being detected
Page 10
Weaponization Teeter-totter
[Figure: a teeter-totter balancing Cost ($$$) against Stealthiness (Prob. Detection)]
Page 11
APT Delivery Framework
[Figure: chart plotting Cost ($) against Attack (Volume/Frequency)]