2. ► Gunter Ollmann
► CTO - IOActive
► University of Georgia Advisory board
► Formerly:
► Damballa CTO & VP Research
► IBM Chief Security Strategist
► ISS Director of X-Force & EMEA SAS
► NGS Professional Services Director
► Can be found/followed/located at:
► Email gunter.ollmann@ioactive.com
► Twitter - @gollmann
About Me
5. ► Outsourcing of all complex bits
► Commercial tools for evasion
► Quality Assurance services
► Subscription services to check every malware against all current enterprise network and host-based detection technologies
Cybercrime Evasion
6. ► Multiple campaigns, multiple vectors, multiple tools
► Constant information gathering
► Mapping networks, host configurations, incident response metrics
► Tie in to organized crime and cybercrime units
► Buy the info or access
► Mingle cyber with physical world
7. ► Bypassing automated defenses Sandboxing/Virtual
► Live Exchange connector & address book
► Age of browser cache
► Webex connectors, etc.
Stealth within an Onslaught
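The "age of browser cache" check in the slide above is a lived-in-host heuristic: a sample looks at how many cache entries exist and how far their timestamps reach back before it decides whether it is running in a real user's browser profile or in a freshly built analysis VM. The example below is added here to illustrate that heuristic and its sandbox-side countermeasure; it is not code from the talk or from IOActive. The thresholds, directory layout and function names are assumptions chosen for illustration, and the sample cache directory is constructed in a temporary folder so the script runs offline.

```python
import os
import time
import tempfile
from dataclasses import dataclass
from typing import Optional, Tuple

# Illustrative thresholds (assumptions, not from the talk). A profile used daily
# for weeks has many cache entries with mtimes spread over many days; a sandbox
# image built minutes ago has few entries, all with near-identical fresh mtimes.
MIN_CACHE_ENTRIES = 50
MIN_CACHE_AGE_DAYS = 7.0
MIN_MTIME_SPREAD_DAYS = 3.0
DAY = 86400.0


@dataclass
class CacheProfile:
    entries: int            # number of files found under the cache directory
    oldest_age_days: float  # age of the oldest entry relative to "now"
    spread_days: float      # distance between oldest and newest entry

    def looks_lived_in(self) -> bool:
        """The decision a sample would make before detonating."""
        return (self.entries >= MIN_CACHE_ENTRIES
                and self.oldest_age_days >= MIN_CACHE_AGE_DAYS
                and self.spread_days >= MIN_MTIME_SPREAD_DAYS)


def profile_cache_dir(path: str, now: Optional[float] = None) -> CacheProfile:
    """Walk a (hypothetical) browser cache directory and summarise its mtimes."""
    now = time.time() if now is None else now
    mtimes = []
    for dirpath, _, files in os.walk(path):
        for name in files:
            try:
                mtimes.append(os.stat(os.path.join(dirpath, name)).st_mtime)
            except OSError:
                continue  # entry vanished or unreadable; skip rather than crash
    if not mtimes:
        return CacheProfile(0, 0.0, 0.0)
    oldest = (now - min(mtimes)) / DAY
    spread = (max(mtimes) - min(mtimes)) / DAY
    return CacheProfile(len(mtimes), oldest, spread)


def age_cache_dir(path: str, span_days: float = 30.0,
                  now: Optional[float] = None) -> int:
    """Sandbox-side countermeasure: backdate mtimes so the cache looks used.

    File mtimes are spread evenly across the last `span_days`, which defeats
    both the 'oldest entry' and the 'timestamp spread' parts of the heuristic.
    Returns the number of files re-stamped.
    """
    now = time.time() if now is None else now
    paths = sorted(os.path.join(d, f) for d, _, fs in os.walk(path) for f in fs)
    n = len(paths)
    for i, p in enumerate(paths):
        age = span_days * DAY * (n - i) / n  # first file oldest, last file newest
        os.utime(p, (now - age, now - age))
    return n


def build_fresh_cache(path: str, count: int = 80) -> None:
    """Constructed sample input: what a just-built sandbox image's cache looks like."""
    for i in range(count):
        with open(os.path.join(path, "entry_%04d" % i), "wb") as fh:
            fh.write(b"\x00" * 16)


def demo() -> Tuple[bool, bool]:
    """Returns (verdict on fresh cache, verdict after aging). Expected: (False, True)."""
    with tempfile.TemporaryDirectory() as d:
        build_fresh_cache(d)
        before = profile_cache_dir(d).looks_lived_in()
        age_cache_dir(d, span_days=30.0)
        after = profile_cache_dir(d).looks_lived_in()
    return before, after


if __name__ == "__main__":
    print(demo())
```

The point for defenders is that entry count alone is not enough: the fresh cache in `demo()` already has 80 entries and still fails, because every mtime is seconds old. A sandbox image that is snapshotted right after provisioning fails the same way, so the timestamps need to be aged (or the image needs to be used for a while before snapshotting) if the environment is meant to be indistinguishable from a real workstation.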
8. ► Who needs the front door?
► Other devices being carried in past perimeter (BYOD)
► Substitution of physical components
► Spotting chip & board changes?
► Incorporation of custom FPGA logic, etc.
Breaking the Supply Chain
9. ► Most commercial crimeware techniques are already sufficient
► Buffer overflow conditions
► 0-day, shmo-
► Not normally needed.
► Often increases probability of being detected