APT Malware & Media

1,145 views

A short talk on Advanced Persistent Threat and corresponding malware seen in the wild. Also touches upon the role of electronic media in over hyping specific cases.

Published in: Technology
APT Malware & Media

  1. APT .. Malware and Media
     Entertainment for the Industry
     http://www.3slabs.com
  2. Advanced Persistent Threat ??
     • Target: Organization “XYZ”
       – Follows Security Best Practices
       – Regular Penetration Tests done
       – Empty report with Nessus, AppScan/Acunetix/... on their online assets
     • I am a h4x0r and I have better and easier targets than “XYZ”
     • I am an employee and my employer “demands” that I compromise “XYZ”
  3. http://threatpost.tumblr.com/post/16467594167/whos-spying-on-whom-examples-include-hacks-of
  4. The Popular “APT”s 2013
     • Red October
     • APT1
     • MiniDuke
     • TeamSpy
     • Flame
     • Duqu
     • StuxNet
     • [ …. Lot more .. ]
     Top countries with Online Resources seeded with Malware
     http://www.securelist.com/en/analysis/204792292/IT_Threat_Evolution_Q1_2013
  5. The “supposedly” Father of APT
     You cannot blame it all on the CHINESE ANY MORE !
     http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet
  6. Life of an “APT” (diagram; labels in slide order): Exploits R&D, AV Evasion, Payloads, […], 0day Research, Profiling, Ops, Monitoring, Phishing, Analysis, Targeted Attacks, […], Admin & Misc
  7. An “APT” without “A”
  8. The Role of Electronic Media
  9. The Front-Line Defenses
  10. The Front-Line Defenses
  11. The Case of APT “proliferation”
     • The MiniDuke Exploit CVE-2013-0640
       – Adobe Reader 0day Found-in-the-Wild
       – Highly Sophisticated Exploit
     • ASLR & DEP bypass using
       – Information Leak
       – Dynamic Return-Oriented-Programming (ROP)
       – First ‘public’ example of ROP-only Shellcode
     • Reliable Sandbox Escape
     http://www.fireeye.com/blog/technical/cyber-exploits/2013/02/the-number-of-the-beast.html
     http://www.fireeye.com/blog/technical/cyber-exploits/2013/02/its-a-kind-of-magic-1.html
     http://www.varanoid.com/security-vendors/mcafee/analyzing-the-first-rop-only-sandbox-escaping-pdfexploit/
  12. The Case of APT “proliferation”
     This exploit was developed in TAG TEAM effort with
  13. A “sample” APT Tool …..
  14. Thank You
     For listening (being awake)
     adatta@3slabs.com
     @abh1sek
