TakeDownCon Rocket City: Technology Deathmatch, The arms race is on by Sean Bodmer



  1. Technology Deathmatch: The arms race is on
     Sean M. Bodmer, CEH, CISSP, NCIA
     Chief Researcher, Counter-Exploitation Intelligence, CounterTack
  2. Who is this tool?
     • Sean M. Bodmer, CISSP, CEH, NCIA
     • Arrested @16 years of age for hacking NASA and 3 other .gov networks
       – Yes, it did put a damper on my life for a few years
     • >50% of my time spent in non-gov’t based clandestine cyber operations
     • 2012 – Helped US Entities seize and recuperate > $6M USD
     • Brief Bio
       – Over 16 Years in IT Systems Security
       – Over 10 Years in Intelligence and Counter-Intelligence Operations
       – Lectured at numerous Industry Conferences
       – Co-Authored 2 Books w/McGraw-Hill (writing 2 more)
       – Quoted and Named in > 400 Magazines, newspapers, radio, and tv-news
     • CounterTack, Inc.
       – Focused on in-progress detection and attribution of threats
       – Develops and deploys custom high-interaction honeypots
       – Provides customers tailored Threat Intelligence Services
     • Knowledge Bridge Intelligence, Inc
       – US IO Subject Matter Expert
  3. 11/18/2013
  4. There is more than one
     • Author(s)
       – Original malware creator(s)
       – Offer malware “off-the-rack” or custom built
       – May offer DIY construction kits
       – Money-back guarantee if detected
       – 24x7 support
     • Distribution/Delivery (MAS)
       – Specialized distribution network
       – Attracts and infects victims
       – Global & targeted content delivery
       – Delivery through Spam/drive-by/USB/etc.
       – Offers 24x7 support
     • Leader
       – Individual or criminal team
       – Maintains and controls order
       – Holds admin credentials
     • Operator
       – Operates a section
       – Issues commands
       – May be the leader
     • Resilience/Recovery (MAS)
       – Provides C&C resilience services
       – Anti-takedown network construction
       – Bullet-proof domain hosting
       – Fast-flux DNS services
       – Offers 24x7 Support
  5. Cloud as a Service Model
     • YES, criminals are mirroring our e-biz models
  6. Malware As A Service
  7. Malware As A Service
  8. Malware As A Service
  9. Malware As A Service
  10. Boundary/Perimeter
  11. Host/End-point
  12. Host/End-point
  13. The Arbitrary Icon
     THIS DOES NOT MEAN YOU ARE SAFE !!!
  14. Today’s Problem Set
     • Almost all discoveries are post-mortem
       – Next day or countless days later
     • Generally, through laborious manual analysis
     • Easily detectable over time
       – Static defenses can be identified by skilled adversaries
     • Difficult to use
       – Heavily dependent on human expertise
       – Staging and maintaining honeynets
       – Manual reporting and analysis
       – Manual correlation between data sources
  15. Let’s Look @ Something
     • What can one find when p0wning bad-actors?
     • Carberp Source Code Leak
  16. Questions??
     sbodmer@countertack.com
     Twitter @Spydurw3b
     Skype @Crypt0k1d
