TakeDownCon Rocket City: Technology Deathmatch, The arms race is on by Sean Bodmer
Published in: Technology, Business

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
75
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Technology Deathmatch The arms race is on Sean M. Bodmer, CEH, CISSP, NCIA Chief Researcher Counter-Exploitation Intelligence CounterTack
  • 2. Who is this tool? Sean M. Bodmer, CISSP, CEH, NCIA
    – Arrested @16 years of age for hacking NASA and 3 other .gov networks
      • Yes, it did put a damper on my life for a few years
    – >50% of my time spent in non-gov’t based clandestine cyber operations
    – 2012 – Helped US Entities seize and recuperate > $6M USD
    – Brief Bio
      • Over 16 Years in IT Systems Security
      • Over 10 Years in Intelligence and Counter-Intelligence Operations
      • Lectured at numerous Industry Conferences
      • Co-Authored 2 Books w/McGraw-Hill (writing 2 more)
      • Quoted and Named in > 400 Magazines, newspapers, radio, and tv-news
    – CounterTack, Inc.
      • Focused on in-progress detection and attribution of threats
      • Develops and deploys custom high-interaction honeypots
      • Provides customers tailored Threat Intelligence Services
    – Knowledge Bridge Intelligence, Inc
      • US IO Subject Matter Expert
  • 3. 11/18/2013 3
  • 4. There is more than one
    – Author(s)
      • Original malware creator(s)
      • Offer malware “off-the-rack” or custom built
      • May offer DIY construction kits
      • Money-back guarantee if detected
      • 24x7 support
    – Distribution/Delivery (MAS)
      • Specialized distribution network
      • Attracts and infects victims
      • Global & targeted content delivery
      • Delivery through Spam/drive-by/USB/etc.
      • Offers 24x7 support
    – Leader
      • Individual or criminal team
      • Maintains and controls order
      • Holds admin credentials
    – Operator
      • Operates a section
      • Issues commands
      • May be the leader
    – Resilience/Recovery (MAS)
      • Provides C&C resilience services
      • Anti-takedown network construction
      • Bullet-proof domain hosting
      • Fast-flux DNS services
      • Offers 24x7 Support
  • 5. Cloud as a Service Model • YES, criminals are mirroring our e-biz models
  • 6. Malware As A Service
  • 7. Malware As A Service
  • 8. Malware As A Service
  • 9. Malware As A Service
  • 10. Boundary/ Perimeter
  • 11. Host/End-point
  • 12. Host/End-point
  • 13. The Arbitrary Icon THIS DOES NOT MEAN YOU ARE SAFE !!!
  • 14. Today’s Problem Set
    – Almost all discoveries are post-mortem
      • Next day or countless days later
    – Generally, through laborious manual analysis
    – Easily detectable over time
      • Static defenses can be identified by skilled adversaries
    – Difficult to use
      • Heavily dependent on human expertise
      • Staging and maintaining honeynets
      • Manual reporting and analysis
      • Manual correlation between data sources
  • 15. Let’s Look @ Something
    – What can one find when p0wning bad-actors?
    – Carberp Source Code Leak
  • 16. Questions?? sbodmer@countertack.com, Twitter @Spydurw3b, Skype @Crypt0k1d