SlideShare a Scribd company logo

Persistence is Key: Advanced Persistent Threats

Download as PPTX, PDF
S
Sameer Thadani

Exploring APT and AET

Technology
1 of 20
Persistence is Key: Advanced Persistent Threats By: Sameer Thadani
Objectives What is an APT What is an AET Past targets What to look for in the future
Advanced Persistent Threats  Advanced  Higher levels of sophistication  Has access to Zero-Day exploits  Adapts to the victims defenses  Persistent  Attacks are specific  Continue until the specific goals are met  Intend to maintain communication with victim compromised systems  Threats  Real power players behind attacks such as nation-states  Not your mom and pop hacking job
APT Malware Anatomy
APT Attack Flow Step 1 • Reconnaissance Step 2 • Initial Intrusion into the Network Sep 3 • Establish a Backdoor into the Network Step 5 • Install Various Utilities Step 6 • Lateral Movement and Data Exfiltration
Reconnaissance First stage of an APT Learning about the victims business processes and technology Tools Whois Nmap Netcraft.com Social Media Searching Acting SKILLZ
Network Access Spear-Phishing = #1 Way Targeting specific high value people Sending highly realistic email addresses with attachments Attachments include remote trojans or malware BUT WAIT, how does my malware get passed IDS/IPS, Firewalls, and Email Filters? ADVANCED EVASION TECHNIQUES
Advance Evasion Techniques Key techniques used to disguise threats to evade and bypass security systems Why are they advanced? They combine multiple evasion techniques that focus on multiple protocol layers. Evasions change during the attack They allow malicious payloads or exploits, such as malware to look normal A wide variety of techniques Combinations are endless
Polymorphic Shellcode Constantly changing packet injected code… using ADMmutate
Polymorphic Shellcode
Packet Splitting
Establish Backdoors Establish backdoors Backdoors allow attackers to stay in constant contact with the compromised machine. Ex. Poison Ivy
Install Utilities Install key-logger Ex: iSam
Lateral Movement  Compromise more machines on the network and setup more back doors, this allows for lateral movement and persistence  Ex. TRiAD Botnet Control System  EXFILTRATE DATA!
Why is this happening? Nation-State intelligence to aid in wartime strategy and exploitation Diminish competition and improve strategic advantage by stealing intellectual property To extort or ruin VIP To gain $$$$ and gain economic power
Learning from the past… Google - Hydraq RSA SecureID Iran’s Nuclear Plant - Stuxnet All targeted attacks on huge companies Anyone can be targeted.
Preparing for the Future..
Keep your eyes open Elevated log-ons at unexpected times Finding any backdoor Trojans Look for any anomalies for information flow Look for HUGE data bundles
Questions?
Sources  http://www.infoworld.com/article/2615666/security/5-signs- you-ve-been-hit-with-an-advanced-persistent-threat.html  https://www.youtube.com/watch?v=ugXyzkkYN9E  https://www.youtube.com/watch?v=J9MmrqatA1w  http://searchsecurity.techtarget.com/definition/advanced- persistent-threat-APT  http://www.symantec.com/theme.jsp?themeid=apt- infographic-1  http://searchsecurity.techtarget.com/definition/advanced- evasion-technique-AET  http://www.csoonline.com/article/2138125/what-are- advanced-evasion-techniques-dont-expect-cios-to-know- says-mcafee.html  Issa.org

Recommended

Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismGlobal Micro Solutions
 
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...RootedCON
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementMayur Nanotkar
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)mmubashirkhan
 
Understanding advanced persistent threats (APT)
Understanding advanced persistent threats (APT)Understanding advanced persistent threats (APT)
Understanding advanced persistent threats (APT)Dan Morrill
 
Advanced Persistent Threat: come muoversi tra il marketing e la realtà?
Advanced Persistent Threat: come muoversi tra il marketing e la realtà?Advanced Persistent Threat: come muoversi tra il marketing e la realtà?
Advanced Persistent Threat: come muoversi tra il marketing e la realtà?festival ICT 2016
 
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...Luigi Delgrosso
 
Apt sharing tisa protalk 2-2554
Apt sharing tisa protalk 2-2554Apt sharing tisa protalk 2-2554
Apt sharing tisa protalk 2-2554TISA
 

Recommended

Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismGlobal Micro Solutions
 
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...RootedCON
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementMayur Nanotkar
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)mmubashirkhan
 
Understanding advanced persistent threats (APT)
Understanding advanced persistent threats (APT)Understanding advanced persistent threats (APT)
Understanding advanced persistent threats (APT)Dan Morrill
 
Advanced Persistent Threat: come muoversi tra il marketing e la realtà?
Advanced Persistent Threat: come muoversi tra il marketing e la realtà?Advanced Persistent Threat: come muoversi tra il marketing e la realtà?
Advanced Persistent Threat: come muoversi tra il marketing e la realtà?festival ICT 2016
 
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...Luigi Delgrosso
 
Apt sharing tisa protalk 2-2554
Apt sharing tisa protalk 2-2554Apt sharing tisa protalk 2-2554
Apt sharing tisa protalk 2-2554TISA
 
Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security EngineersIntroduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security EngineersOllie Whitehouse
 
Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Yuval Sinay, CISSP, C|CISO
 
Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & Forensics Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & ForensicsPriyanka Aash
 
Deception Technology: Use Cases & Implementation Approaches
Deception Technology: Use Cases & Implementation Approaches Deception Technology: Use Cases & Implementation Approaches
Deception Technology: Use Cases & Implementation ApproachesPriyanka Aash
 
Security Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent ThreatsSecurity Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent ThreatsPeter Wood
 
Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringLancope, Inc.
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditorsmdagrossa
 
Career Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed AdamCareer Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed AdamMohammed Adam
 
Networking and penetration testing
Networking and penetration testingNetworking and penetration testing
Networking and penetration testingMohit Belwal
 
Cambodia CERT Seminar: Incident response for ransomeware attacks
Cambodia CERT Seminar: Incident response for ransomeware attacksCambodia CERT Seminar: Incident response for ransomeware attacks
Cambodia CERT Seminar: Incident response for ransomeware attacksAPNIC
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent ThreatsESET
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Honeypot Essentials
Honeypot EssentialsHoneypot Essentials
Honeypot EssentialsAnton Chuvakin
 
Safeguard your enterprise against ransomware
Safeguard your enterprise against ransomwareSafeguard your enterprise against ransomware
Safeguard your enterprise against ransomwareQuick Heal Technologies Ltd.
 
The Cost of Doing Nothing: A Ransomware Backup Story
The Cost of Doing Nothing: A Ransomware Backup StoryThe Cost of Doing Nothing: A Ransomware Backup Story
The Cost of Doing Nothing: A Ransomware Backup StoryQuest
 
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private LimitedThreat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private LimitedFalgun Rathod
 
What is network security and Types
What is network security and TypesWhat is network security and Types
What is network security and TypesVikram Khanna
 
Sophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecuritySophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecurityPriyanka Aash
 
Hiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known VulnerabilitiesHiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known VulnerabilitiesImperva
 
Detect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate ResponseDetect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate ResponseRahul Neel Mani
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingChetanmalviya8
 
Ethical Hacking and Network Defence 1.pptx
Ethical Hacking and Network Defence 1.pptxEthical Hacking and Network Defence 1.pptx
Ethical Hacking and Network Defence 1.pptxJanani S
 

More Related Content

What's hot

Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security EngineersIntroduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security EngineersOllie Whitehouse
 
Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Yuval Sinay, CISSP, C|CISO
 
Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & Forensics Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & ForensicsPriyanka Aash
 
Deception Technology: Use Cases & Implementation Approaches
Deception Technology: Use Cases & Implementation Approaches Deception Technology: Use Cases & Implementation Approaches
Deception Technology: Use Cases & Implementation ApproachesPriyanka Aash
 
Security Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent ThreatsSecurity Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent ThreatsPeter Wood
 
Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringLancope, Inc.
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditorsmdagrossa
 
Career Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed AdamCareer Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed AdamMohammed Adam
 
Networking and penetration testing
Networking and penetration testingNetworking and penetration testing
Networking and penetration testingMohit Belwal
 
Cambodia CERT Seminar: Incident response for ransomeware attacks
Cambodia CERT Seminar: Incident response for ransomeware attacksCambodia CERT Seminar: Incident response for ransomeware attacks
Cambodia CERT Seminar: Incident response for ransomeware attacksAPNIC
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent ThreatsESET
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
The Cost of Doing Nothing: A Ransomware Backup Story
The Cost of Doing Nothing: A Ransomware Backup StoryThe Cost of Doing Nothing: A Ransomware Backup Story
The Cost of Doing Nothing: A Ransomware Backup StoryQuest
 
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private LimitedThreat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private LimitedFalgun Rathod
 
What is network security and Types
What is network security and TypesWhat is network security and Types
What is network security and TypesVikram Khanna
 
Sophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecuritySophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecurityPriyanka Aash
 
Hiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known VulnerabilitiesHiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known VulnerabilitiesImperva
 
Detect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate ResponseDetect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate ResponseRahul Neel Mani
 

What's hot (20)

Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security EngineersIntroduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers
 
Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)
 
Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & Forensics Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & Forensics
 
Deception Technology: Use Cases & Implementation Approaches
Deception Technology: Use Cases & Implementation Approaches Deception Technology: Use Cases & Implementation Approaches
Deception Technology: Use Cases & Implementation Approaches
 
Security Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent ThreatsSecurity Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent Threats
 
Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security Monitoring
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
 
Career Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed AdamCareer Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed Adam
 
Networking and penetration testing
Networking and penetration testingNetworking and penetration testing
Networking and penetration testing
 
Cambodia CERT Seminar: Incident response for ransomeware attacks
Cambodia CERT Seminar: Incident response for ransomeware attacksCambodia CERT Seminar: Incident response for ransomeware attacks
Cambodia CERT Seminar: Incident response for ransomeware attacks
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent Threats
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 
Honeypot Essentials
Honeypot EssentialsHoneypot Essentials
Honeypot Essentials
 
Safeguard your enterprise against ransomware
Safeguard your enterprise against ransomwareSafeguard your enterprise against ransomware
Safeguard your enterprise against ransomware
 
The Cost of Doing Nothing: A Ransomware Backup Story
The Cost of Doing Nothing: A Ransomware Backup StoryThe Cost of Doing Nothing: A Ransomware Backup Story
The Cost of Doing Nothing: A Ransomware Backup Story
 
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private LimitedThreat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
 
What is network security and Types
What is network security and TypesWhat is network security and Types
What is network security and Types
 
Sophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecuritySophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent Security
 
Hiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known VulnerabilitiesHiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known Vulnerabilities
 
Detect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate ResponseDetect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate Response
 

Similar to Persistence is Key: Advanced Persistent Threats

Ethical Hacking and Network Defence 1.pptx
Ethical Hacking and Network Defence 1.pptxEthical Hacking and Network Defence 1.pptx
Ethical Hacking and Network Defence 1.pptxJanani S
 
Seucrity in a nutshell
Seucrity in a nutshellSeucrity in a nutshell
Seucrity in a nutshellYahia Kandeel
 
Apt zero day malware
Apt zero day malwareApt zero day malware
Apt zero day malwareaspiretss
 
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration TestingAsegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration TestingSoftware Guru
 
Ethical-Hacking-ppt.pptx
Ethical-Hacking-ppt.pptxEthical-Hacking-ppt.pptx
Ethical-Hacking-ppt.pptxMaheshDhope1
 
Types-of-Cyber-Attacks-E-book.pdf
Types-of-Cyber-Attacks-E-book.pdfTypes-of-Cyber-Attacks-E-book.pdf
Types-of-Cyber-Attacks-E-book.pdfANUSREEASHOK5
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking pptshreya_omar
 
CSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptxCSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptxVishnuVarma47
 
Basics of System Security and Tools
Basics of System Security and ToolsBasics of System Security and Tools
Basics of System Security and ToolsKaran Bhandari
 
Introduction to Hacking
Introduction to HackingIntroduction to Hacking
Introduction to HackingRishabha Garg
 
The Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresThe Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresCarl B. Forkner, Ph.D.
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and crackingHarshil Barot
 
CSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptxCSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptxAnshumaanTiwari2
 
Summer training in jaipur
Summer training in jaipurSummer training in jaipur
Summer training in jaipurcyber cure
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 

Similar to Persistence is Key: Advanced Persistent Threats (20)

Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical Hacking and Network Defence 1.pptx
Ethical Hacking and Network Defence 1.pptxEthical Hacking and Network Defence 1.pptx
Ethical Hacking and Network Defence 1.pptx
 
Seucrity in a nutshell
Seucrity in a nutshellSeucrity in a nutshell
Seucrity in a nutshell
 
Apt zero day malware
Apt zero day malwareApt zero day malware
Apt zero day malware
 
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration TestingAsegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
 
Ethical-Hacking-ppt.pptx
Ethical-Hacking-ppt.pptxEthical-Hacking-ppt.pptx
Ethical-Hacking-ppt.pptx
 
From Identity to Ownership Theft
From Identity to Ownership TheftFrom Identity to Ownership Theft
From Identity to Ownership Theft
 
NetWitness
NetWitnessNetWitness
NetWitness
 
Types-of-Cyber-Attacks-E-book.pdf
Types-of-Cyber-Attacks-E-book.pdfTypes-of-Cyber-Attacks-E-book.pdf
Types-of-Cyber-Attacks-E-book.pdf
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking ppt
 
CSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptxCSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptx
 
Basics of System Security and Tools
Basics of System Security and ToolsBasics of System Security and Tools
Basics of System Security and Tools
 
Introduction to Hacking
Introduction to HackingIntroduction to Hacking
Introduction to Hacking
 
Hvordan stopper du CryptoLocker?
Hvordan stopper du CryptoLocker?Hvordan stopper du CryptoLocker?
Hvordan stopper du CryptoLocker?
 
The Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresThe Threat Landscape & Network Security Measures
The Threat Landscape & Network Security Measures
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and cracking
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
 
CSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptxCSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptx
 
Summer training in jaipur
Summer training in jaipurSummer training in jaipur
Summer training in jaipur
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 

Recently uploaded

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 

Recently uploaded (20)

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 

Persistence is Key: Advanced Persistent Threats

  • 1. Persistence is Key: Advanced Persistent Threats By: Sameer Thadani
  • 2. Objectives What is an APT What is an AET Past targets What to look for in the future
  • 3. Advanced Persistent Threats  Advanced  Higher levels of sophistication  Has access to Zero-Day exploits  Adapts to the victims defenses  Persistent  Attacks are specific  Continue until the specific goals are met  Intend to maintain communication with victim compromised systems  Threats  Real power players behind attacks such as nation-states  Not your mom and pop hacking job
  • 5. APT Attack Flow Step 1 • Reconnaissance Step 2 • Initial Intrusion into the Network Sep 3 • Establish a Backdoor into the Network Step 5 • Install Various Utilities Step 6 • Lateral Movement and Data Exfiltration
  • 6. Reconnaissance First stage of an APT Learning about the victims business processes and technology Tools Whois Nmap Netcraft.com Social Media Searching Acting SKILLZ
  • 7. Network Access Spear-Phishing = #1 Way Targeting specific high value people Sending highly realistic email addresses with attachments Attachments include remote trojans or malware BUT WAIT, how does my malware get passed IDS/IPS, Firewalls, and Email Filters? ADVANCED EVASION TECHNIQUES
  • 8. Advance Evasion Techniques Key techniques used to disguise threats to evade and bypass security systems Why are they advanced? They combine multiple evasion techniques that focus on multiple protocol layers. Evasions change during the attack They allow malicious payloads or exploits, such as malware to look normal A wide variety of techniques Combinations are endless
  • 9. Polymorphic Shellcode Constantly changing packet injected code… using ADMmutate
  • 12. Establish Backdoors Establish backdoors Backdoors allow attackers to stay in constant contact with the compromised machine. Ex. Poison Ivy
  • 14. Lateral Movement  Compromise more machines on the network and setup more back doors, this allows for lateral movement and persistence  Ex. TRiAD Botnet Control System  EXFILTRATE DATA!
  • 15. Why is this happening? Nation-State intelligence to aid in wartime strategy and exploitation Diminish competition and improve strategic advantage by stealing intellectual property To extort or ruin VIP To gain $$$$ and gain economic power
  • 16. Learning from the past… Google - Hydraq RSA SecureID Iran’s Nuclear Plant - Stuxnet All targeted attacks on huge companies Anyone can be targeted.
  • 17. Preparing for the Future..
  • 18. Keep your eyes open Elevated log-ons at unexpected times Finding any backdoor Trojans Look for any anomalies for information flow Look for HUGE data bundles
  • 20. Sources  http://www.infoworld.com/article/2615666/security/5-signs- you-ve-been-hit-with-an-advanced-persistent-threat.html  https://www.youtube.com/watch?v=ugXyzkkYN9E  https://www.youtube.com/watch?v=J9MmrqatA1w  http://searchsecurity.techtarget.com/definition/advanced- persistent-threat-APT  http://www.symantec.com/theme.jsp?themeid=apt- infographic-1  http://searchsecurity.techtarget.com/definition/advanced- evasion-technique-AET  http://www.csoonline.com/article/2138125/what-are- advanced-evasion-techniques-dont-expect-cios-to-know- says-mcafee.html  Issa.org