TakeDownCon Rocket City: Technology Deathmatch, The arms race is on by Sean Bodmer
Published in: Technology, Business

  • 1. Technology Deathmatch The arms race is on Sean M. Bodmer, CEH, CISSP, NCIA Chief Researcher Counter-Exploitation Intelligence CounterTack
  • 2. Who is this tool?
    • Sean M. Bodmer, CISSP, CEH, NCIA
    • Arrested @16 years of age for hacking NASA and 3 other .gov networks
    • Yes, it did put a damper on my life for a few years
    • >50% of my time spent in non-gov’t based clandestine cyber operations
    • 2012 – Helped US Entities seize and recuperate > $6M USD
    • Brief Bio
      – Over 16 Years in IT Systems Security
      – Over 10 Years in Intelligence and Counter-Intelligence Operations
      – Lectured at numerous Industry Conferences
      – Co-Authored 2 Books w/McGraw-Hill (writing 2 more)
      – Quoted and Named in > 400 Magazines, newspapers, radio, and tv-news
    • CounterTack, Inc.
      – Focused on in-progress detection and attribution of threats
      – Develops and deploys custom high-interaction honeypots
      – Provides customers tailored Threat Intelligence Services
    • Knowledge Bridge Intelligence, Inc
      – US IO Subject Matter Expert
  • 3. 11/18/2013
  • 4. There is more than one
    • Author(s)
      – Original malware creator(s)
      – Offer malware “off-the-rack” or custom built
      – May offer DIY construction kits
      – Money-back guarantee if detected
      – 24x7 support
    • Distribution/Delivery (MAS)
      – Specialized distribution network
      – Attracts and infects victims
      – Global & targeted content delivery
      – Delivery through Spam/drive-by/USB/etc.
      – Offers 24x7 support
    • Leader
      – Individual or criminal team
      – Maintains and controls order
      – Holds admin credentials
    • Operator
      – Operates a section
      – Issues commands
      – May be the leader
    • Resilience/Recovery (MAS)
      – Provides C&C resilience services
      – Anti-takedown network construction
      – Bullet-proof domain hosting
      – Fast-flux DNS services
      – Offers 24x7 Support
  • 5. Cloud as a Service Model
    • YES, criminals are mirroring our e-biz models
  • 6. Malware As A Service
  • 7. Malware As A Service
  • 8. Malware As A Service
  • 9. Malware As A Service
  • 10. Boundary/ Perimeter
  • 11. Host/End-point
  • 12. Host/End-point
  • 13. The Arbitrary Icon
    • THIS DOES NOT MEAN YOU ARE SAFE !!!
  • 14. Today’s Problem Set
    • Almost all discoveries are post-mortem
      – Next day or countless days later
    • Generally, through laborious manual analysis
    • Easily detectable over time
      – Static defenses can be identified by skilled adversaries
    • Difficult to use
      – Heavily dependent on human expertise
      – Staging and maintaining honeynets
      – Manual reporting and analysis
      – Manual correlation between data sources
  • 15. Let’s Look @ Something
    • What can one find when p0wning bad-actors?
      – Carberp Source Code Leak
  • 16. Questions??
    • Twitter @Spydurw3b
    • Skype @Crypt0k1d