Persistence is Key:
Advanced Persistent
Threats
By: Sameer Thadani
Objectives
What is an APT
What is an AET
Past targets
What to look for in the future
Advanced Persistent Threats
Advanced
• Higher levels of sophistication
• Has access to zero-day exploits
• Adapts to the victim's defenses
Persistent
• Attacks are targeted and specific
• Continue until the specific goals are met
• Intend to maintain communication with the compromised systems
Threats
• Real power players behind the attacks, such as nation-states
• Not a mom-and-pop hacking job
APT Malware Anatomy
APT Attack Flow
Step 1 • Reconnaissance
Step 2 • Initial Intrusion into the Network
Step 3 • Establish a Backdoor into the Network
Step 5 • Install Various Utilities
Step 6 • Lateral Movement and Data Exfiltration
Reconnaissance
First stage of an APT
Learning about the victim's business
processes and technology
Tools
Whois
Nmap
Netcraft.com
Social Media Searching
Acting skills (social engineering)
Network Access
Spear-phishing = the #1 way in
Targeting specific high-value people
Sending highly realistic emails with attachments
Attachments carry remote-access trojans or other malware
BUT WAIT, how does my malware get past IDS/IPS, firewalls, and email filters?
ADVANCED EVASION TECHNIQUES
Advanced Evasion Techniques
Key techniques used to disguise threats so they evade and bypass security systems
Why are they advanced?
They combine multiple evasion techniques that work across multiple protocol layers.
Evasions change during the attack.
They allow malicious payloads or exploits, such as malware, to look normal.
A wide variety of techniques; the combinations are endless.
Polymorphic Shellcode
Injected code whose bytes change with every use while its behavior stays the same (e.g. generated with ADMmutate)
Packet Splitting
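The two evasions named above, packet splitting and polymorphic shellcode, both work against the same weak point: a detector that matches a fixed byte signature inside each packet as it arrives. The following Python is an added example, not material from the deck, that models this. The "payload" is an inert marker string standing in for shellcode, the signature is an invented IDS rule for that marker, and the one-byte XOR encoder is a stand-in for what an engine like ADMmutate does (no real decoder stub or exploit is reproduced). The two IDS functions are toy matchers, not any real product.

```python
"""Added example: why per-packet byte signatures miss split or re-encoded payloads.

Everything below is constructed for illustration. PAYLOAD is an inert marker,
SIGNATURE is an invented IDS rule, and the XOR encoder only illustrates the
polymorphism idea (same behaviour, different bytes on the wire each time).
"""
import os
from typing import Iterable, List, Optional

# Constructed sample: a harmless stand-in for a malicious payload, and the
# byte pattern a signature-based IDS would look for.
PAYLOAD = b"<<ATTACK_MARKER: reverse shell to 203.0.113.5:4444>>"
SIGNATURE = b"ATTACK_MARKER"


def split_into_segments(data: bytes, size: int) -> List[bytes]:
    """Packet splitting: one logical message becomes many small TCP segments."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR; applying it twice with the same key restores the input."""
    return bytes(b ^ key for b in data)


def polymorphic_variant(payload: bytes, key: Optional[int] = None) -> bytes:
    """Wire format: [key byte] + xor_encode(payload, key).

    A real polymorphic engine prepends a decoder stub; here the leading key
    byte stands in for it. A fresh key each time means a fresh byte pattern.
    """
    if key is None:
        key = os.urandom(1)[0] | 0x01  # never 0: XOR with 0 would leave the payload in the clear
    return bytes([key]) + xor_encode(payload, key)


def decode_variant(wire: bytes) -> bytes:
    """What the victim side does: strip the key byte and undo the XOR."""
    return xor_encode(wire[1:], wire[0])


def naive_ids(segments: Iterable[bytes]) -> bool:
    """Toy per-packet matcher: inspects each segment in isolation."""
    return any(SIGNATURE in seg for seg in segments)


def reassembling_ids(segments: Iterable[bytes]) -> bool:
    """Toy stream-aware matcher: reassembles the stream before matching."""
    return SIGNATURE in b"".join(segments)


def demo() -> dict:
    """Run the matchers against the plain, split, encoded and combined cases."""
    split_only = split_into_segments(PAYLOAD, 5)            # segments too small to hold the signature
    encoded = polymorphic_variant(PAYLOAD, 0x11)             # fixed key so the result is reproducible
    combined = split_into_segments(polymorphic_variant(PAYLOAD, 0x7C), 5)  # both evasions at once
    return {
        "naive_catches_whole": naive_ids([PAYLOAD]),
        "naive_catches_split": naive_ids(split_only),
        "reassembly_catches_split": reassembling_ids(split_only),
        "reassembly_catches_encoded": reassembling_ids([encoded]),
        "reassembly_catches_combined": reassembling_ids(combined),
        "decoded_matches_payload": decode_variant(encoded) == PAYLOAD,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Stream reassembly closes the packet-splitting hole but does nothing against the encoded variant, which carries the same behaviour in different bytes; that is why the deck stresses that the combinations are endless and why detection has to move from byte patterns toward behaviour (what the code does once decoded) rather than what it looks like on the wire.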
Establish Backdoors
Backdoors allow attackers to stay in constant contact with the compromised machine. Ex. Poison Ivy (a remote-access trojan)
Install Utilities
Install key-logger
Ex: iSam
Lateral Movement
• Compromise more machines on the network and set up more backdoors; this allows for lateral movement and persistence
• Ex. TRiAD Botnet Control System
• EXFILTRATE DATA!
Why is this happening?
Nation-State intelligence to aid in wartime
strategy and exploitation
Diminish competition and improve strategic
advantage by stealing intellectual property
To extort or ruin VIPs
To gain $$$$ and economic power
Learning from the past…
Google - Hydraq (Operation Aurora)
RSA SecurID
Iran's nuclear program - Stuxnet
All targeted attacks on large, well-resourced organizations
Anyone can be targeted.
Preparing for the Future..
Keep your eyes open
Elevated (privileged) log-ons at unexpected times
Finding any backdoor Trojans
Look for any anomalies in information flow
Look for HUGE data bundles (unexpected large outbound transfers)
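The indicators on this slide only help if someone actually runs them against logs. The following Python is an added example, not from the deck, that turns three of them into checks: privileged log-ons outside business hours, unusually large outbound transfers, and the steady periodic connections a backdoor makes to its controller (the "backdoor Trojan" signal). The log format and every record are constructed for the example; real Windows Security events or NetFlow/IPFIX exports need their own parsers, and the thresholds (business hours 08:00-18:00, 100 MiB, 10% timing jitter) are assumptions to tune per environment.

```python
"""Added example: hunting for APT indicators in constructed host and flow logs.

The 'TIMESTAMP TYPE key=value ...' format and all sample records below are
invented for this example. Thresholds are starting points, not a standard.
"""
from datetime import datetime
from statistics import mean, median, pstdev
from typing import Dict, List, Tuple

# Constructed sample log. Business-hours admin logon by bob is normal;
# svc_backup logging on as admin at 03:14 and 03:16, FS01 pushing 700 MB out,
# and WS22 calling 203.0.113.5 every 30 minutes are the planted indicators.
SAMPLE_LOG = """\
2014-03-12T09:02:11 AUTH user=alice host=WS17 privilege=user result=success
2014-03-12T10:15:40 AUTH user=bob host=FS01 privilege=admin result=success
2014-03-12T03:14:07 AUTH user=svc_backup host=FS01 privilege=admin result=success
2014-03-12T03:16:52 AUTH user=svc_backup host=DC01 privilege=admin result=success
2014-03-12T09:05:00 NETFLOW src=WS17 dst=192.0.2.10 bytes_out=48213
2014-03-12T11:30:00 NETFLOW src=WS17 dst=192.0.2.10 bytes_out=51877
2014-03-12T03:20:41 NETFLOW src=FS01 dst=198.51.100.23 bytes_out=734003200
2014-03-12T00:00:05 NETFLOW src=WS22 dst=203.0.113.5 bytes_out=612
2014-03-12T00:30:04 NETFLOW src=WS22 dst=203.0.113.5 bytes_out=598
2014-03-12T01:00:06 NETFLOW src=WS22 dst=203.0.113.5 bytes_out=605
2014-03-12T01:30:05 NETFLOW src=WS22 dst=203.0.113.5 bytes_out=610
2014-03-12T02:00:04 NETFLOW src=WS22 dst=203.0.113.5 bytes_out=601
"""


def parse_log(text: str) -> List[Dict[str, object]]:
    """Parse the constructed format into dicts; 'ts' becomes a datetime."""
    records: List[Dict[str, object]] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, *fields = line.split()
        rec: Dict[str, object] = {"ts": datetime.fromisoformat(ts), "type": kind}
        for field in fields:
            key, _, value = field.partition("=")
            rec[key] = value
        records.append(rec)
    return records


def find_offhours_admin_logons(records, day_start: int = 8, day_end: int = 18) -> List[dict]:
    """Successful privileged log-ons outside business hours (local time assumed)."""
    return [
        {"user": r["user"], "host": r["host"], "ts": r["ts"].isoformat()}
        for r in records
        if r["type"] == "AUTH"
        and r.get("privilege") == "admin"
        and r.get("result") == "success"
        and not (day_start <= r["ts"].hour < day_end)
    ]


def find_large_egress(records, min_bytes: int = 100 * 2**20, ratio: float = 10.0) -> List[dict]:
    """Flows whose outbound volume is both above a floor and far above the median flow."""
    flows = [r for r in records if r["type"] == "NETFLOW"]
    sizes = [int(r["bytes_out"]) for r in flows]
    cutoff = max(min_bytes, ratio * median(sizes)) if sizes else min_bytes
    return [
        {"src": r["src"], "dst": r["dst"], "bytes_out": int(r["bytes_out"])}
        for r in flows
        if int(r["bytes_out"]) > cutoff
    ]


def find_beacons(records, min_count: int = 4, max_jitter: float = 0.1) -> List[dict]:
    """src->dst pairs contacted repeatedly at near-constant intervals (C2 check-ins)."""
    by_pair: Dict[Tuple[str, str], List[datetime]] = {}
    for r in records:
        if r["type"] == "NETFLOW":
            by_pair.setdefault((r["src"], r["dst"]), []).append(r["ts"])
    beacons = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_count:
            continue
        times.sort()
        deltas = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = mean(deltas)
        # Low relative spread of the gaps = clockwork timing a human would not produce.
        if period > 0 and pstdev(deltas) / period <= max_jitter:
            beacons.append({"src": src, "dst": dst, "count": len(times), "period_s": round(period)})
    return beacons


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("off-hours admin log-ons:", find_offhours_admin_logons(recs))
    print("large egress:", find_large_egress(recs))
    print("beacons:", find_beacons(recs))
```

On the sample, the off-hours check surfaces the two svc_backup log-ons, the egress check surfaces only FS01's 700 MB transfer (the two 50 KB flows from WS17 stay below the floor), and the beacon check flags WS22 calling 203.0.113.5 every 1800 seconds with a few seconds of drift. Correlating the three by host and time window is what turns isolated alerts into the attack flow the deck describes.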
Questions?
Sources
• http://www.infoworld.com/article/2615666/security/5-signs-you-ve-been-hit-with-an-advanced-persistent-threat.html
• https://www.youtube.com/watch?v=ugXyzkkYN9E
• https://www.youtube.com/watch?v=J9MmrqatA1w
• http://searchsecurity.techtarget.com/definition/advanced-persistent-threat-APT
• http://www.symantec.com/theme.jsp?themeid=apt-infographic-1
• http://searchsecurity.techtarget.com/definition/advanced-evasion-technique-AET
• http://www.csoonline.com/article/2138125/what-are-advanced-evasion-techniques-dont-expect-cios-to-know-says-mcafee.html
• Issa.org
