Security Intelligence:
Advanced Persistent Threats

     An Ethical Hacker’s View



                           Peter Wood
                        Chief Executive Officer
                    First•Base Technologies LLP
Who is Peter Wood?



      Worked in computers & electronics since 1969
      Founded First Base in 1989 (one of the first ethical hacking firms)
      CEO First Base Technologies LLP
      Social engineer & penetration tester
      Conference speaker and security ‘expert’

      Member of ISACA Security Advisory Group
      Vice Chair of BCS Information Risk Management and Audit Group
      UK Chair, Corporate Executive Programme

      FBCS, CITP, CISSP, MIEEE, M.Inst.ISP
      Registered BCS Security Consultant
      Member of ACM, ISACA, ISSA, Mensa



Slide 2                                                              © First Base Technologies 2012
Security Intelligence and This Presentation


          “SI is a recognition of the evolution of sophisticated adversaries, the
          study of that evolution, and the application of this information in an
          actionable way to the defence of systems, networks, and data. In
          short, it is threat-focused defence, or as I occasionally refer to it,
          intelligence-driven response.

          The “intelligence” in intelligence-driven response is the information
          acquired about one's adversaries, or collectively the threat landscape.
          Each industry has a different threat landscape, and each organisation
          in each industry has a different risk profile, even to the same
          adversary.

          Understanding one's threat environment is collecting actionable
          information on known threat actors for computer network defence,
          whether that action is purely detection or detection with prevention.”
                            Source: Mike Cloppert http://computer-forensics.sans.org/blog/
Agenda




          • APT Primer

          • Case Studies

          • Entry Points

          • Prevention and Detection




Advanced Persistent Threat (APT)



          • “An advanced and normally clandestine means to gain
            continual, persistent intelligence on an individual, or group of
            individuals” [Wikipedia]

          • “… a sophisticated, mercurial way that advanced attackers can
            break into systems, not get caught, keeping long-term access
            to exfiltrate data at will.” [McAfee]

          • “… a sophisticated and organized cyber attack to access and
            steal information from compromised computers.” [MANDIANT]




Advanced, Persistent, Threat


          • They combine multiple attack methodologies and tools in
            order to reach and compromise their target

          • The attack is conducted through continuous monitoring and
            interaction in order to achieve the defined objectives

          • It does not mean a barrage of constant attacks and malware
            updates - in fact, a “low-and-slow” approach is usually more
            successful

          • There is a level of coordinated human involvement in the
            attack, rather than a mindless and automated piece of code

          • The operators have a specific objective and are skilled,
            motivated, organized and well funded


The Aurora attack         http://threatpost.com/




The Aurora attack
                  http://trailofbits.com/2010/01/24/one-exploit-should-not-ruin-your-day/



           If you have done or been around any high-level incident response,
           you would know that these advanced persistent threats have been
           going on in various sectors for years.
           Nor is it a new development that the attackers used an 0day client-
           side exploit along with targeted social engineering as their initial
           access vector.
           What is brand new is the fact that a number of large companies
           have voluntarily gone public with the fact that they were victims to
           a targeted attack.
           And this is the most important lesson: targeted attacks do exist and
           happen to a number of industries besides the usual ones like credit
           card processors and e-commerce shops.
                                                                   Dino Dai Zovi

Case Studies
The RSA attack
           Source: http://blogs.rsa.com/rivner/anatomy-of-an-attack/

           1.   Research public information about employees
           2.   Select low-value targets
           3.   Spear phishing email “2011 Recruitment Plan” with .xls
                attachment
           4.   Spreadsheet contains 0day exploit that installs backdoor
                through Flash vulnerability
                (Backdoor is Poison Ivy variant RAT, reverse-connected)
           5.   Digital shoulder surf & harvest credentials
           6.   Perform privilege escalation
           7.   Target and compromise high-value accounts
           8.   Copy data from target servers
           9.   Move data to staging servers and aggregate, compress and
                encrypt it
           10.  FTP to external staging server at compromised hosting site
           11.  Finally pull data from hosted server and remove traces

RSA Security Brief, February 2012




Entry Points




Identifying ‘The Mark’




Social Networking




Facebook Scams




Document MetaData Harvesting




Infosecurity Europe 2012 Experiment



           • Open WiFi on a laptop on
             our stand

           • Network name:
             ‘Infosec free wifi’

           • Fake AP using airbase-ng on
             BackTrack



           • In one day we collected 86
             unique devices


Wireless Eavesdropping



           Packet sniffing unprotected WiFi can reveal:

           • logons and passwords for unencrypted sites

           • all plain-text traffic (e-mails, web browsing, file transfers)




Firesheep Capturing




Firesheep: Game Over




Telephone Social Engineering




           Sometimes all they have to do is call up and ask!


Information Leakage


           Exposure of:

           • Corporate hierarchy

           • E-mail addresses

           • Phone numbers

           • Technical infrastructure

           • Business plans

           • Sensitive information

           • Passwords!


Spear Phishing




Phishing Emails




Spear phishing




Slide 31                    © First Base Technologies 2012
Privilege Escalation




Password ‘Quality’




           http://iqsecur.blogspot.ca/2012/04/analysis-of-leaked-militarysinglesorg.html
Case study: Windows Administrator Passwords

           Global organisation:

           • 67 Administrator accounts
           • 43 simple passwords (64%)
           • 15 were “password” (22%)

           Some examples we found:
             admin5, crystal, finance, friday, macadmin, monkey, orange,
             password, password1, prague, pudding, rocky4, security,
             security1, sparkle, webadmin, yellow

Case study: Password Crack


           • 26,310 passwords from a Windows domain

           • 11,279 (42.9%) cracked in 2½ minutes

           • It’s not a challenge!




Password Issues


           • Passwords based on dictionary words and names
           • Service accounts with simple/stupid passwords
           • Other easy-to-guess passwords
           • Little or no use of passphrases
           • Password policies not tailored to specific
             environments (e.g. Windows LM hash problem)
           • Old fashioned rules no longer apply
             (rainbow tables, parallel cracking,
             video processors)
           • Just general ignorance and apathy?
           • One password to rule them all …

Prevention and Detection
Identifying “The Mark”:
                            Social Networking



           • Don’t reveal personal or sensitive information in social
              networking sites or blogs

           • Set the privacy options in social networking sites

           • Don’t discuss confidential information online

           • Don’t ‘friend’ people you don’t know



           Remember – what goes on the Internet, stays on the Internet!



Identifying “The Mark”:
                     Telephone Social Engineering


           • If you receive a suspicious phone call, hang up and call back
             on a number you know is legitimate

           • Never reveal personal or sensitive information in response to
             a phone call unless you have verified the caller

           • Don’t answer questions about your organisation or
             colleagues unless it’s your job to do so

           • Report any phone calls that you suspect might be social
             engineering attacks



Identifying “The Mark”:
                          Public and Open WiFi



           • Remember: open and WEP-encrypted WiFi networks are
             visible to almost anyone

           • Never use public WiFi for sensitive information

           • Don’t use the same password for web sites and for corporate
             systems

           • Make sure your email connections are encrypted




Spear Phishing


           • Never reveal personal or sensitive information in response to
             an email, no matter who appears to have sent it

           • If you receive an email that appears suspicious, call the
             person or organisation in the ‘From’ field before you respond
             or open any attached files

           • Never click links in an email message that requests personal
             or sensitive information. Enter the web address into your
             browser instead

           • Report any email that you suspect might be a spear phishing
             campaign within your company

Privilege Escalation



           • Don’t use passwords based on dictionary words and names

           • Use complex passphrases for service accounts

           • Tailor password policies to specific environments
             (e.g. Windows vs. web sites)

           • Remember: old fashioned rules no longer apply
             (rainbow tables, parallel cracking, video processors)

           • Never re-use passwords: “one password to rule them all …”
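The “Password Issues” slide and the prevention bullets above describe an audit rather than show one, so here is an added example (not code from the presentation or from First Base Technologies) of a small policy checker that applies those rules to a set of accounts: it flags dictionary words and names even with a digit suffix such as “password1”, flags Windows passwords short enough to be stored as an LM hash (LM hashing only covers the first 14 characters, upper-cased and split into two 7-character halves, so 15 or more characters is the environment-specific rule), requires passphrase length, and reports reuse across accounts. The word list, the account records, the passphrase threshold and the account names are constructed for illustration; a real audit would use a full dictionary and the organisation’s own policy, and would take the passwords from a cracked-hash export rather than a literal list.

```python
"""Password policy audit modelled on the 'Password Issues' and
'Privilege Escalation' prevention slides.

Added example, not part of the original presentation. DICTIONARY,
SAMPLE_ACCOUNTS and the thresholds are constructed assumptions.
"""
import re
from collections import Counter

# Constructed mini-dictionary: the kind of words and names the case study
# slide shows as real administrator passwords. A real audit uses a full list.
DICTIONARY = {"password", "monkey", "orange", "security", "prague",
              "friday", "crystal", "finance", "pudding", "sparkle",
              "yellow", "admin", "rocky"}

# LM hashes cover at most 14 characters (two upper-cased 7-character halves),
# so on Windows domains that still store LM hashes a 15+ character password
# is the environment-specific rule the slides call for.
LM_MAX_LENGTH = 14
MIN_PASSPHRASE_LENGTH = 15  # assumed policy threshold


def base_word(password):
    """Lower-case the password and strip leading/trailing digits and symbols,
    so 'password1' and 'rocky4' are still recognised as dictionary words."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def check_password(password, platform="windows"):
    """Return the list of policy findings for one password."""
    findings = []
    if base_word(password) in DICTIONARY:
        findings.append("dictionary word or name")
    if platform == "windows" and len(password) <= LM_MAX_LENGTH:
        findings.append("short enough to be stored as an LM hash")
    if len(password) < MIN_PASSPHRASE_LENGTH:
        findings.append("not a passphrase (under %d characters)"
                        % MIN_PASSPHRASE_LENGTH)
    return findings


def audit(accounts):
    """accounts: iterable of (account, platform, password) tuples.
    Returns {account: [findings]} for every account with at least one
    finding; reuse of the same password across accounts is also reported."""
    counts = Counter(pw for _, _, pw in accounts)
    report = {}
    for name, platform, pw in accounts:
        findings = check_password(pw, platform)
        if counts[pw] > 1:
            findings.append("reused across accounts")
        if findings:
            report[name] = findings
    return report


def summarise(accounts):
    """Headline figures in the style of the case study slide."""
    report = audit(accounts)
    return {
        "total": len(accounts),
        "flagged": len(report),
        "dictionary": sum(1 for f in report.values()
                          if "dictionary word or name" in f),
    }


# Constructed sample: account names, platforms and passwords are made up,
# using the password patterns shown on the case study slide.
SAMPLE_ACCOUNTS = [
    ("svc_backup", "windows", "password"),
    ("svc_sql", "windows", "password1"),
    ("j.smith-admin", "windows", "monkey"),
    ("web_admin", "web", "prague"),
    ("p.jones-admin", "windows", "Thursday-Umbrella-Trumpet-42"),
    ("p.jones", "web", "Thursday-Umbrella-Trumpet-42"),  # strong, but reused
    ("r.patel-admin", "windows", "Violet#Kettle!Mountain9"),
]

if __name__ == "__main__":
    for account, findings in audit(SAMPLE_ACCOUNTS).items():
        print("%-14s %s" % (account, "; ".join(findings)))
    print(summarise(SAMPLE_ACCOUNTS))
```

Note that the reused passphrase is flagged even though it passes every per-password test: that is the “one password to rule them all” problem, and it is only visible when the audit looks across accounts and platforms rather than at each password in isolation.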




Think Like an Attacker!



           Hacking is a way of thinking:
              - A hacker is someone who thinks outside the box
              - It's someone who discards conventional wisdom, and does
                something else instead
              - It's someone who looks at the edge and wonders what's
                beyond
              - It's someone who sees a set of rules and wonders what
                happens if you don't follow them
                                                              [Bruce Schneier]


           Hacking applies to all aspects of life - not just computers


The Human Firewall


           The money you spent on security products, patching systems
           and conducting audits could be wasted if you don’t prevent
           social engineering attacks …


                        Invest in
             Marketing security awareness
                           and
              Intelligent, practical policies
Need more information?



       Peter Wood
    Chief Executive Officer
First•Base Technologies LLP

  peterw@firstbase.co.uk

     http://firstbase.co.uk
    http://white-hats.co.uk
    http://peterwood.com

    Blog: fpws.blogspot.com
      Twitter: peterwoodx

Advanced threat protection and big dataPeter Wood
 
Unpatched Systems: An Ethical Hacker's View
Unpatched Systems: An Ethical Hacker's ViewUnpatched Systems: An Ethical Hacker's View
Unpatched Systems: An Ethical Hacker's ViewPeter Wood
 
Prime Targets in Network Infrastructure
Prime Targets in Network InfrastructurePrime Targets in Network Infrastructure
Prime Targets in Network InfrastructurePeter Wood
 
Social Networking - An Ethical Hacker's View
Social Networking - An Ethical Hacker's ViewSocial Networking - An Ethical Hacker's View
Social Networking - An Ethical Hacker's ViewPeter Wood
 
Top Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesTop Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesPeter Wood
 
The Consumerisation of Corporate IT
The Consumerisation of Corporate ITThe Consumerisation of Corporate IT
The Consumerisation of Corporate ITPeter Wood
 
Security in a Virtualised Environment
Security in a Virtualised EnvironmentSecurity in a Virtualised Environment
Security in a Virtualised EnvironmentPeter Wood
 
The Corporate Web Security Landscape
The Corporate Web Security LandscapeThe Corporate Web Security Landscape
The Corporate Web Security LandscapePeter Wood
 

Plus de Peter Wood (20)

Hacking is easy: understanding your vulnerabilities
Hacking is easy: understanding your vulnerabilitiesHacking is easy: understanding your vulnerabilities
Hacking is easy: understanding your vulnerabilities
 
The future of cloud security
The future of cloud securityThe future of cloud security
The future of cloud security
 
Introduction to Cyber Resilience
Introduction to Cyber ResilienceIntroduction to Cyber Resilience
Introduction to Cyber Resilience
 
Network security, seriously?
Network security, seriously?Network security, seriously?
Network security, seriously?
 
Lessons from a Red Team Exercise
Lessons from a Red Team ExerciseLessons from a Red Team Exercise
Lessons from a Red Team Exercise
 
Red teaming in the cloud
Red teaming in the cloudRed teaming in the cloud
Red teaming in the cloud
 
All your files now belong to us
All your files now belong to usAll your files now belong to us
All your files now belong to us
 
Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present Dangers
 
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)
 
Advanced Threat Protection: Lessons from a Red Team Exercise
Advanced Threat Protection: Lessons from a Red Team ExerciseAdvanced Threat Protection: Lessons from a Red Team Exercise
Advanced Threat Protection: Lessons from a Red Team Exercise
 
Pragmatic Network Security - Avoiding Real-World Vulnerabilities
Pragmatic Network Security - Avoiding Real-World VulnerabilitiesPragmatic Network Security - Avoiding Real-World Vulnerabilities
Pragmatic Network Security - Avoiding Real-World Vulnerabilities
 
Attacking the cloud with social engineering
Attacking the cloud with social engineeringAttacking the cloud with social engineering
Attacking the cloud with social engineering
 
Advanced threat protection and big data
Advanced threat protection and big dataAdvanced threat protection and big data
Advanced threat protection and big data
 
Unpatched Systems: An Ethical Hacker's View
Unpatched Systems: An Ethical Hacker's ViewUnpatched Systems: An Ethical Hacker's View
Unpatched Systems: An Ethical Hacker's View
 
Prime Targets in Network Infrastructure
Prime Targets in Network InfrastructurePrime Targets in Network Infrastructure
Prime Targets in Network Infrastructure
 
Social Networking - An Ethical Hacker's View
Social Networking - An Ethical Hacker's ViewSocial Networking - An Ethical Hacker's View
Social Networking - An Ethical Hacker's View
 
Top Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesTop Five Internal Security Vulnerabilities
Top Five Internal Security Vulnerabilities
 
The Consumerisation of Corporate IT
The Consumerisation of Corporate ITThe Consumerisation of Corporate IT
The Consumerisation of Corporate IT
 
Security in a Virtualised Environment
Security in a Virtualised EnvironmentSecurity in a Virtualised Environment
Security in a Virtualised Environment
 
The Corporate Web Security Landscape
The Corporate Web Security LandscapeThe Corporate Web Security Landscape
The Corporate Web Security Landscape
 

Dernier

Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Dernier (20)

Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

Security Intelligence: Advanced Persistent Threats

  • 1. Security Intelligence: Advanced Persistent Threats An Ethical Hacker’s View Peter Wood Chief Executive Officer First•Base Technologies LLP
  • 2. Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base in 1989 (one of the first ethical hacking firms) CEO First Base Technologies LLP Social engineer & penetration tester Conference speaker and security ‘expert’ Member of ISACA Security Advisory Group Vice Chair of BCS Information Risk Management and Audit Group UK Chair, Corporate Executive Programme FBCS, CITP, CISSP, MIEEE, M.Inst.ISP Registered BCS Security Consultant Member of ACM, ISACA, ISSA, Mensa Slide 2 © First Base Technologies 2012
  • 3. Security Intelligence and This Presentation “SI is a recognition of the evolution of sophisticated adversaries, the study of that evolution, and the application of this information in an actionable way to the defence of systems, networks, and data. In short, it is threat-focused defence, or as I occasionally refer to it, intelligence-driven response. The “intelligence” in intelligence-driven response is the information acquired about one's adversaries, or collectively the threat landscape. Each industry has a different threat landscape, and each organisation in each industry has a different risk profile, even to the same adversary. Understanding one's threat environment is collecting actionable information on known threat actors for computer network defence, whether that action is purely detection or detection with prevention.” Source: Mike Cloppert http://computer-forensics.sans.org/blog/ Slide 3 © First Base Technologies 2012
  • 4. Agenda • APT Primer • Case Studies • Entry Points • Prevention and Detection
  • 5. Agenda • APT Primer • Case Studies • Entry Points • Prevention and Detection
  • 6. Advanced Persistent Threat (APT)
    • “An advanced and normally clandestine means to gain continual, persistent intelligence on an individual, or group of individuals” [Wikipedia]
    • “… a sophisticated, mercurial way that advanced attackers can break into systems, not get caught, keeping long-term access to exfiltrate data at will.” [McAfee]
    • “… a sophisticated and organized cyber attack to access and steal information from compromised computers.” [MANDIANT]
  • 7. Advanced, Persistent, Threat
    • They combine multiple attack methodologies and tools in order to reach and compromise their target
    • The attack is conducted through continuous monitoring and interaction in order to achieve the defined objectives
    • It does not mean a barrage of constant attacks and malware updates - in fact, a “low-and-slow” approach is usually more successful
    • There is a level of coordinated human involvement in the attack, rather than a mindless and automated piece of code
    • The operators have a specific objective and are skilled, motivated, organized and well funded
  • 8. The Aurora attack http://threatpost.com/
  • 9. The Aurora attack http://threatpost.com/
  • 10. The Aurora attack http://trailofbits.com/2010/01/24/one-exploit-should-not-ruin-your-day/ “If you have done or been around any high-level incident response, you would know that these advanced persistent threats have been going on in various sectors for years. Nor is it a new development that the attackers used an 0day client-side exploit along with targeted social engineering as their initial access vector. What is brand new is the fact that a number of large companies have voluntarily gone public with the fact that they were victims to a targeted attack. And this is the most important lesson: targeted attacks do exist and happen to a number of industries besides the usual ones like credit card processors and e-commerce shops.” Dino Dai Zovi
  • 11. Agenda • APT Primer • Case Studies • Entry Points • Prevention and Detection
  • 12. http://blogs.rsa.com/rivner/anatomy-of-an-attack/
  • 13. The RSA attack
    Stage 1:
    1. Research public information about employees
    2. Select low-value targets
    3. Spear phishing email “2011 Recruitment Plan” with .xls attachment
    4. Spreadsheet contains 0day exploit that installs backdoor through Flash vulnerability (backdoor is a Poison Ivy variant RAT, reverse-connected)
    Stage 2:
    1. Digital shoulder surf & harvest credentials
    2. Performed privilege escalation
    3. Target and compromise high-value accounts
    4. Copy data from target servers
    5. Move data to staging servers and aggregate, compress and encrypt it
    6. FTP to external staging server at compromised hosting site
    7. Finally pull data from hosted server and remove traces
  • 14. RSA Security Brief, February 2012
  • 15. Agenda • APT Primer • Case Studies • Entry Points • Prevention and Detection
  • 16. Entry Points
  • 17. Identifying ‘The Mark’
  • 18. Social Networking
  • 19. (no text on this slide)
  • 20. Facebook Scams
  • 21. Document MetaData Harvesting
  • 22. Infosecurity Europe 2012 Experiment
    • Open WiFi on a laptop on our stand
    • Network name: ‘Infosec free wifi’
    • Fake AP using airbase-ng on BackTrack
    • In one day we collected 86 unique devices
  • 23. Wireless Eavesdropping: packet sniffing unprotected WiFi can reveal:
    • logons and passwords for unencrypted sites
    • all plain-text traffic (e-mails, web browsing, file transfers)
  • 24. Firesheep Capturing
  • 25. Firesheep: Game Over
  • 26. Telephone Social Engineering: sometimes all they have to do is call up and ask!
  • 27. Information Leakage. Exposure of:
    • Corporate hierarchy
    • E-mail addresses
    • Phone numbers
    • Technical infrastructure
    • Business plans
    • Sensitive information
    • Passwords!
  • 28. Spear Phishing
  • 29. Phishing Emails
  • 30. Phishing Emails
  • 31. Spear phishing
  • 32. Privilege Escalation
  • 33. Password ‘Quality’ http://iqsecur.blogspot.ca/2012/04/analysis-of-leaked-militarysinglesorg.html
  • 34. Case study: Windows Administrator Passwords. Global organisation:
    • 67 Administrator accounts
    • 43 simple passwords (64%)
    • 15 were “password” (22%)
    • Some examples we found: admin5, crystal, finance, friday, macadmin, monkey, orange, password, password1, prague, pudding, rocky4, security, security1, sparkle, webadmin, yellow
  • 35. Case study: Password Crack
    • 26,310 passwords from a Windows domain
    • 11,279 (42.9%) cracked in 2½ minutes
    • It’s not a challenge!
  • 36. Password Issues
    • Passwords based on dictionary words and names
    • Service accounts with simple/stupid passwords
    • Other easy-to-guess passwords
    • Little or no use of passphrases
    • Password policies not tailored to specific environments (e.g. Windows LM hash problem)
    • Old fashioned rules no longer apply (rainbow tables, parallel cracking, video processors)
    • Just general ignorance and apathy?
    • One password to rule them all …
  • 37. Agenda • APT Primer • Case Studies • Entry Points • Prevention and Detection
  • 38. Identifying “The Mark”: Social Networking
    • Don’t reveal personal or sensitive information in social networking sites or blogs
    • Set the privacy options in social networking sites
    • Don’t discuss confidential information online
    • Don’t ‘friend’ people you don’t know
    Remember – what goes on the Internet, stays on the Internet!
  • 39. Identifying “The Mark”: Telephone Social Engineering
    • If you receive a suspicious phone call, hang up and call back on a number you know is legitimate
    • Never reveal personal or sensitive information in response to a phone call unless you have verified the caller
    • Don’t answer questions about your organisation or colleagues unless it’s your job to do so
    • Report any phone calls that you suspect might be social engineering attacks
  • 40. Identifying “The Mark”: Public and Open WiFi
    • Remember: open and WEP-encrypted WiFi networks are visible to almost anyone
    • Never use public WiFi for sensitive information
    • Don’t use the same password for web sites and for corporate systems
    • Make sure your email connections are encrypted
  • 41. Spear Phishing
    • Never reveal personal or sensitive information in response to an email, no matter who appears to have sent it
    • If you receive an email that appears suspicious, call the person or organisation in the ‘From’ field before you respond or open any attached files
    • Never click links in an email message that requests personal or sensitive information. Enter the web address into your browser instead
    • Report any email that you suspect might be a spear phishing campaign within your company
  • 42. Privilege Escalation
    • Don’t use passwords based on dictionary words and names
    • Use complex passphrases for service accounts
    • Tailor password policies to specific environments (e.g. Windows vs. web sites)
    • Remember: old fashioned rules no longer apply (rainbow tables, parallel cracking, video processors)
    • Never re-use passwords: “one password to rule them all …”
  • 43. Think Like an Attacker! Hacking is a way of thinking:
    - A hacker is someone who thinks outside the box
    - It's someone who discards conventional wisdom, and does something else instead
    - It's someone who looks at the edge and wonders what's beyond
    - It's someone who sees a set of rules and wonders what happens if you don't follow them
    [Bruce Schneier]
    Hacking applies to all aspects of life - not just computers
  • 44. The Human Firewall. The money you spent on security products, patching systems and conducting audits could be wasted if you don’t prevent social engineering attacks … Invest in:
    • Marketing security awareness
    • Intelligent, practical policies
  • 45. Need more information? Peter Wood, Chief Executive Officer, First•Base Technologies LLP. peterw@firstbase.co.uk http://firstbase.co.uk http://white-hats.co.uk http://peterwood.com Blog: fpws.blogspot.com Twitter: peterwoodx
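The second stage on slide 13 (copy data from target servers, aggregate it on a staging host, then FTP it to an external server) leaves a traffic pattern a defender can look for even when the malware itself was not caught. The following is an added example, not code from the talk or from First Base: it runs over constructed flow records (source, destination, destination port, bytes sent; addresses taken from the RFC 1918 and RFC 5737 documentation ranges) and flags an internal host that both received bulk data from several internal servers and then pushed a large volume to an external address on the FTP ports. The thresholds, the SMB and FTP port choices and the sample records are assumptions.

```python
"""Detection sketch for the staging-and-exfiltration phase described on slide 13
of the talk: data copied from many servers to one host, aggregated, then pushed
over FTP to an external server.  Added example, not the talk's own code."""
import ipaddress
from collections import defaultdict

# Constructed flow records (hypothetical): (src_ip, dst_ip, dst_port, bytes from src to dst).
SAMPLE_FLOWS = [
    ("10.2.0.10", "10.1.1.50", 445, 400_000_000),   # file server -> workstation (SMB)
    ("10.2.0.11", "10.1.1.50", 445, 350_000_000),   # second file server -> same workstation
    ("10.2.0.12", "10.1.1.50", 445, 210_000_000),   # third file server -> same workstation
    ("10.1.1.50", "203.0.113.7", 21, 2_000),        # FTP control channel to an external host
    ("10.1.1.50", "203.0.113.7", 20, 900_000_000),  # FTP data channel, bulk outbound
    ("10.2.0.10", "10.1.1.60", 445, 5_000_000),     # ordinary user fetching a few files
    ("10.1.1.60", "198.51.100.5", 443, 120_000),    # ordinary HTTPS browsing
    ("10.1.1.70", "203.0.113.9", 21, 1_500),        # tiny FTP session, below threshold
]

# Assumed definition of "internal": the RFC 1918 ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FTP_PORTS = {20, 21}  # active-mode FTP control and data ports


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def staging_hosts(flows, min_sources=3, min_bytes=100_000_000):
    """Internal hosts that received at least min_bytes from at least min_sources
    distinct internal hosts: the 'aggregate' step in the attack narrative."""
    sources = defaultdict(set)
    received = defaultdict(int)
    for src, dst, _port, nbytes in flows:
        if is_internal(src) and is_internal(dst):
            sources[dst].add(src)
            received[dst] += nbytes
    return {h for h in sources if len(sources[h]) >= min_sources and received[h] >= min_bytes}


def ftp_exfil_hosts(flows, min_bytes=50_000_000):
    """Internal hosts that sent at least min_bytes to one external address on the
    FTP ports.  Passive-mode FTP moves data on ephemeral ports, so a production
    detector would also pair high-port flows with a preceding port-21 connection."""
    sent = defaultdict(int)
    for src, dst, port, nbytes in flows:
        if is_internal(src) and not is_internal(dst) and port in FTP_PORTS:
            sent[(src, dst)] += nbytes
    return {src: dst for (src, dst), total in sent.items() if total >= min_bytes}


def correlate(flows):
    """Hosts that both aggregated internal data and pushed a large volume out over
    FTP; returns sorted (internal_host, external_destination) pairs."""
    staged = staging_hosts(flows)
    exfil = ftp_exfil_hosts(flows)
    return sorted((h, exfil[h]) for h in staged if h in exfil)


if __name__ == "__main__":
    for host, dst in correlate(SAMPLE_FLOWS):
        print(f"ALERT staging+exfil: {host} -> {dst}")
```

Either signal on its own produces noise (backup servers aggregate data legitimately; some users do upload to FTP sites), which is why the example only alerts on the combination. Against the sample records it reports the one workstation that collected from three servers and then sent roughly 900 MB out.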
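Slides 34 to 36 and 42 list the password weaknesses that make a domain crack "not a challenge": dictionary words and names, a trailing digit tacked on (password1, rocky4), no passphrases, and the Windows LM hash problem. As an added example (not part of the talk, and not First Base's audit tooling), the check below applies those rules to the slide 34 password list plus a few constructed strong passphrases; the 15-character minimum and the small wordlist are assumptions, and a real audit would run against a full cracking dictionary.

```python
"""Audits a list of passwords against the weaknesses the 'Password Issues' slide
lists: dictionary words and names, digit/symbol suffixes, short length and the
Windows LM-hash exposure.  Added example, not the talk's own code."""
import re

# Constructed mini dictionary (a real audit uses full cracker wordlists).
WORDLIST = {"admin", "crystal", "finance", "friday", "macadmin", "monkey", "orange",
            "password", "prague", "pudding", "rocky", "security", "sparkle",
            "webadmin", "yellow"}

# Slide 34's examples plus three constructed stronger ones.
SAMPLE_ADMIN_PASSWORDS = [
    "admin5", "crystal", "finance", "friday", "macadmin", "monkey", "orange",
    "password", "password1", "prague", "pudding", "rocky4", "security",
    "security1", "sparkle", "webadmin", "yellow",
    "Tr0ub4dor&3", "correct-horse-battery-staple", "purple tractor eats lunch",
]

TRAILING_JUNK = re.compile(r"[\d!@#$%^&*._-]+$")


def base_word(pw):
    """Lower-case the password and strip a trailing digit/symbol mutation
    (password1 -> password), the first rule any cracker applies."""
    return TRAILING_JUNK.sub("", pw.lower())


def lm_hash_exposed(pw):
    """Legacy Windows stores an LM hash for any password of 14 characters or
    fewer: LM upper-cases the password and splits it into two 7-character
    halves that crack independently.  Longer passwords cannot be LM-hashed."""
    return len(pw) <= 14


def audit_password(pw, min_len=15, wordlist=WORDLIST):
    """Return the list of weaknesses found; an empty list means none of the
    slide's problems apply.  min_len=15 is an assumed policy, not the talk's."""
    findings = []
    if pw.lower() in wordlist:
        findings.append("dictionary word")
    elif base_word(pw) in wordlist:
        findings.append("dictionary word plus suffix")
    if len(pw) < min_len:
        findings.append(f"shorter than {min_len}")
    if lm_hash_exposed(pw):
        findings.append("LM-hashable (<=14 chars)")
    return findings


def summarise(passwords):
    """Headline numbers of the kind slide 34 reports for a batch of accounts."""
    results = [audit_password(p) for p in passwords]
    return {
        "total": len(passwords),
        "simple": sum(1 for f in results if any(x.startswith("dictionary") for x in f)),
        "literal_password": sum(1 for p in passwords if p.lower() == "password"),
        "lm_hashable": sum(1 for p in passwords if lm_hash_exposed(p)),
    }


if __name__ == "__main__":
    for pw in SAMPLE_ADMIN_PASSWORDS:
        print(f"{pw!r:32} {', '.join(audit_password(pw)) or 'ok'}")
    print(summarise(SAMPLE_ADMIN_PASSWORDS))
```

The suffix-stripping rule is what turns "password1" and "security1" into dictionary hits, and the length rule is the practical answer to the LM problem on slide 36: a passphrase over 14 characters never gets an LM hash, whatever the domain policy says about complexity.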

Editor's notes

  1. Mike Cloppert is a senior member of Lockheed Martin's Computer Incident Response Team. He has lectured for various audiences including SANS, IEEE, the annual DC3 CyberCrime Convention, and teaches an introductory class on cryptography. His current work consists of security intelligence analysis and development of new tools and techniques for incident response. Michael holds a BS in computer engineering, an MS in computer science, has earned GCIA (#592) and GCFA (#711) gold certifications alongside various others, and is a professional member of ACM and IEEE.
  2. Many people don’t understand that wireless networking is like a wired hub – there is no packet switching, so anyone connected to an open wireless access point can see everyone else’s traffic. Again discovering how to do this isn’t hard and the tools are free. A criminal attacker could be sitting some distance away with a directional antenna and watching everything on the unprotected network.
  3. When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a "cookie" which is used by your browser for all subsequent requests. It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable.
     HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy. This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users.
     The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL. Facebook is constantly rolling out new "privacy" features in an endless attempt to quell the screams of unhappy users, but what's the point when someone can just take over an account entirely? Twitter forced all third party developers to use OAuth then immediately released (and promoted) a new version of their insecure website. When it comes to user privacy, SSL is the elephant in the room.
     After installing the extension you'll see a new sidebar. Connect to any busy open wifi network and click the big "Start Capturing" button. Then wait. As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed.
  4. Double-click on someone, and you're instantly logged in as them. That's it. Firesheep is free, open source, and is available now for Mac OS X and Windows. Linux support is on the way. Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win.
  5. PETE: And also, just like the Smartphone, before you do anything else on a social network I want you to protect your ID and your personal information. Because of the “delusion of free”. Because you think the Internet is this wonderful, benign, philanthropic supermarket, run by Willy Wonka, where the price tag of everything is zero-point-zero, please-help-yourself. So you may not wonder why this social media outfit wants you to stuff its archives with all your personal information, all your preferences, all your loves and likes and loathings. But what’s going to happen, with your help, is they publish all your info them throughout the known universe. And thus, shrewd cold callers on the planet Zog will have access to all of that sweet intelligence plus your email and phone number. A reminder. What are you? FRANK: I am the product.
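Note 3 above describes the weakness Firesheep demonstrates: the login itself is encrypted, but the session cookie it returns is then sent over plain HTTP, where anyone on the open WiFi can read and replay it. The fix the note names is end-to-end HTTPS, and the server-side detail that enforces it is the Secure attribute on the cookie, which stops the browser sending it over http:// at all. The check below is an added example rather than code from the talk or from the Firesheep project: it audits Set-Cookie headers from constructed responses for the Secure and HttpOnly attributes and for session cookies issued over http://. The hostnames, cookie names and the name pattern used to guess which cookies carry a session are assumptions.

```python
"""Audits Set-Cookie headers for the sidejacking weakness described in editor's
note 3: a session cookie the browser will send over plain HTTP.  Added example,
not the talk's or Firesheep's code; all responses below are constructed."""
import re

# Constructed responses (hypothetical hosts): (request URL, Set-Cookie header values).
SAMPLE_RESPONSES = [
    ("https://example.test/login",
     ["sessionid=abc123; Path=/; HttpOnly"]),                  # no Secure: leaks on the first http:// link
    ("https://example.test/login",
     ["authtoken=xyz; Path=/; Secure; SameSite=Lax"]),         # Secure, but readable by script
    ("http://example.test/home",
     ["prefs=dark; Path=/"]),                                  # preference cookie, no session material
    ("http://example.test/legacy",
     ["login_sid=old1; Path=/; HttpOnly"]),                    # session cookie issued over plain HTTP
    ("https://good.test/login",
     ["sid=def456; Path=/; Secure; HttpOnly; SameSite=Lax"]),  # what a session cookie should look like
]

# Assumed heuristic for "this cookie probably carries a session".
SESSION_NAME_HINTS = re.compile(r"(sess|sid|auth|token|login)", re.IGNORECASE)


def parse_set_cookie(header):
    """Split 'name=value; Attr; Attr=val' into (name, value, {attr_lower: val_or_True})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.lower()] = v or True
    return name, value, attrs


def audit_cookie(url, header):
    """Return (severity, cookie_name, reason) findings for one Set-Cookie header."""
    name, _value, attrs = parse_set_cookie(header)
    findings = []
    session_like = bool(SESSION_NAME_HINTS.search(name))
    if "secure" not in attrs:
        # Without Secure the browser will send the cookie on any http:// request,
        # which on open WiFi is exactly the capture Firesheep automates.
        sev = "HIGH" if session_like else "LOW"
        findings.append((sev, name, "missing Secure: sent over http:// in the clear"))
    if session_like and "httponly" not in attrs:
        findings.append(("MEDIUM", name, "missing HttpOnly: readable by injected script"))
    if session_like and url.startswith("http://"):
        findings.append(("HIGH", name, "session cookie issued over plain HTTP"))
    return findings


def audit_site(responses):
    """Run audit_cookie over every Set-Cookie header in a list of responses."""
    out = []
    for url, headers in responses:
        for h in headers:
            out.extend(audit_cookie(url, h))
    return out


if __name__ == "__main__":
    for sev, name, reason in audit_site(SAMPLE_RESPONSES):
        print(f"{sev:6} {name:12} {reason}")
```

The name heuristic is deliberately loose; what matters in a real review is the whole application being served over HTTPS and every cookie that grants access carrying Secure and HttpOnly, which is why the fully attributed cookie on good.test produces no findings at all.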