
© 2012 Deloitte Hungary

23 November 2012

Gergely Tóth | Senior Manager, Security & Privacy

APT – Advanced Persistent Threat Time to rethink?

Agenda

APT examples

How to get inside?

Remote control

Once we are inside

Conclusion

APT – Advanced Persistent Threat: Definition

“The term is commonly used to refer to cyber threats, in particular that of Internet-enabled espionage using a variety of intelligence gathering techniques to access sensitive information...” -- Wikipedia

• Advanced

‒ Sophisticated attack potentially

• combining several types of techniques

• including zero-day exploits and social engineering

• Persistent

‒ Targeted instead of opportunistic, i.e. the attack is tailored to the organization at hand and the attacker keeps at it until it works

• Threat

APT example: Spear phishing attack

Spear Phishing: Example #1

Spear Phishing: Example #1, cont’d

Spear Phishing: Details of the attack

• Attack lasted two days

• Two user groups received “spear phishing” e-mails

‒ They were not privileged users

• Interesting e-mails

‒ “2011 Recruitment Plan”

• At least one user

‒ Retrieved the e-mail from the “Junk e-mails” folder

‒ Opened the attachment

Source: http://blogs.rsa.com/rivner/anatomy-of-an-attack/

Spear Phishing: Details of the attack, cont’d

• The payload

‒ Excel document with an embedded Flash object

‒ “Zero-day” Flash exploit (CVE-2011-0609)

• Modified Poison Ivy installed by the payload

‒ Well-known remote administration tool (RAT)

‒ “Reverse connect” mode: the workstation connects out to the attacker’s server, so no inbound firewall rule is needed

• Privilege escalation

‒ Domain users → service users → domain admins

• Internal attacks

‒ Internal servers

‒ “Staging” server: storage, compression and encryption of the collected data

• Collected data sent out by FTP to a compromised external server

• Clean-up after the attack: wipe traces

Source: http://blogs.rsa.com/rivner/anatomy-of-an-attack/
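The first technical control that this chain invites is at the mail gateway: an Office document that carries a Flash object is rare enough in most organizations to be worth flagging outright. The scanner below is an added example, not code from the slides or from any vendor; it handles the zip-based Office Open XML packaging (.xlsx/.docx/.pptx) and looks for the Shockwave Flash ActiveX CLSID in any XML part and for an SWF header (FWS/CWS/ZWS) at the start of any binary part. The sample workbook is constructed in memory with the usual OOXML part names but synthetic contents; the legacy binary .xls format is an OLE2 container and would need an OLE parser such as oletools instead.

```python
"""Scan an Office Open XML package for embedded Flash content.

Added example, not from the original slides. Two indicators are checked:
  1. an ActiveX control part whose classid is the Shockwave Flash CLSID, and
  2. any part whose first bytes are an SWF header (FWS/CWS/ZWS).
The sample workbook built by build_sample_xlsx() is synthetic.
"""
import io
import re
import zipfile

# CLSID registered for the "Shockwave Flash Object" ActiveX control.
FLASH_CLSID = "D27CDB6E-AE6D-11CF-96B8-444553540000"
# SWF container signatures: uncompressed, zlib-compressed, LZMA-compressed.
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")

CLSID_RE = re.compile(re.escape(FLASH_CLSID), re.IGNORECASE)


def find_flash_indicators(data: bytes) -> list[str]:
    """Return human-readable findings for the OOXML package in `data`.

    An empty list means no Flash indicator was seen. A container that is not
    a valid zip is reported as a finding too: a malformed package is itself
    worth a look at a mail gateway.
    """
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid OOXML (zip) container"]
    with zf:
        for info in zf.infolist():
            part = zf.read(info.filename)
            # Indicator 1: an XML part (e.g. xl/activeX/activeX1.xml)
            # naming the Flash control's CLSID.
            if info.filename.lower().endswith(".xml") and CLSID_RE.search(
                part.decode("utf-8", errors="ignore")
            ):
                findings.append(f"{info.filename}: Shockwave Flash CLSID")
            # Indicator 2: raw SWF bytes stored as an embedded binary part.
            if part[:3] in SWF_MAGICS:
                findings.append(f"{info.filename}: SWF header {part[:3].decode()}")
    return findings


def build_sample_xlsx(with_flash: bool) -> bytes:
    """Construct a minimal synthetic .xlsx in memory (not a real workbook)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/worksheets/sheet1.xml", "<worksheet/>")
        if with_flash:
            # ActiveX property part as Excel writes it (lower-case CLSID).
            zf.writestr(
                "xl/activeX/activeX1.xml",
                '<ax:ocx ax:classid="{d27cdb6e-ae6d-11cf-96b8-444553540000}"/>',
            )
            # Fake zlib-compressed SWF: only the 3-byte magic plus padding.
            zf.writestr("xl/activeX/activeX1.bin", b"CWS\x0a" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("clean", False), ("flash", True)):
        print(label, find_flash_indicators(build_sample_xlsx(flag)))
```

Run against a real mail stream, the CLSID check is the cheap, low-false-positive one; the SWF magic check also catches Flash dropped in as a plain OLE object rather than an ActiveX control.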

APT example: “Traditional” systems compromise

“Traditional” systems compromise: Example #2

[Network diagram; only the zone labels survive: DMZ, Office LAN, Secure LAN]

“Traditional” systems compromise: Details of the attack

• Attack lasted one month

• Systems compromise route

‒ Web server in the DMZ, used as file manager and as a “proxy” into the internal networks

‒ Office LAN systems

‒ Secure LAN

• Scale of the attack

‒ All CA servers compromised

‒ Certificates issued through the HSM were later used in a large-scale attack (potentially 300k+ victims)

‒ Log files tampered with to hide traces of activity

Source: http://www.rijksoverheid.nl/bestanden/documenten-en-publicaties/rapporten/2012/08/13/black-tulip-update/black-tulip-update.pdf (the Black Tulip report on the DigiNotar CA breach)

HSM: Myths and reality

• Myth: we use an HSM (Hardware Security Module) in business-critical systems for sensitive transactions, so the keys are safe

• Reality: the HSM is driven by batch processes or automatically, and a compromised system gets to use the HSM just as easily as the legitimate one. The HSM prevents key extraction, not key misuse; only usage controls (dual control or a quorum for sensitive operations, HSM-side audit logs that someone actually reviews) limit what a compromised host can sign.

How to get inside? The “Spear”

The “Spear”: Example #3

Source: http://www.securitynewsdaily.com/-cyberattack-hits-oak-ridge-national-laboratory-0709/

[Figure: grid of user icons; only the totals survive]

Approx. 5000 users

Approx. 530 targets

57 clicks

2 successful exploits

The “Spear”: The “Ignore the security warnings” training course

The “Spear”: Myths and reality

• Myth: anti-virus and IDS/IPS stop such attacks

• Reality: signature-based mechanisms are ineffective against unknown attack types (e.g. “zero-day” vulnerabilities, customized payloads); a payload built for a single target has no signature yet, and re-encoding a known one is enough to break an existing signature
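The “customized payload” half of that point is easy to demonstrate. The script below is an added example, not code from the slides: the “malware” is a harmless marker string, the “signature database” is a dict of byte patterns, and the “packer” is a one-byte XOR with the key stored in front of the data, all constructed for the demo. A signature scan of the file as it sits on disk finds the original and misses the re-encoded copy; a scan of what the sample turns into after its own unpack step (what a sandbox or in-memory scanner sees) finds both, whatever key the attacker picked.

```python
"""Why a byte-signature scanner misses a customized payload.

Added example, not from the original slides. Everything here is synthetic:
the "payload" is a marker string, the signatures are toy byte patterns and
the "packer" is a one-byte XOR whose key is prepended to the data.
"""
import os
from typing import Optional

# Synthetic signature database: name -> byte pattern an engine would look for.
SIGNATURES = {
    "demo.rat.a": b"DEMO-RAT-BEACON",
    "demo.rat.b": b"connect-back:",
}


def signature_scan(blob: bytes) -> list[str]:
    """Return the names of all signatures whose pattern occurs in blob."""
    return [name for name, pat in SIGNATURES.items() if pat in blob]


def pack(payload: bytes, key: Optional[int] = None) -> bytes:
    """Trivial customization: one-byte XOR, key prepended so a stub can undo it."""
    if key is None:
        key = os.urandom(1)[0] | 0x01  # never 0, which would be the identity
    return bytes([key]) + bytes(b ^ key for b in payload)


def unpack(packed: bytes) -> bytes:
    """What the loader stub does at run time before the payload is used."""
    key = packed[0]
    return bytes(b ^ key for b in packed[1:])


def scan_at_rest(sample: bytes) -> list[str]:
    """Signature scan of the file as it sits on disk or at the mail gateway."""
    return signature_scan(sample)


def scan_after_unpack(sample: bytes) -> list[str]:
    """Scan of the bytes the sample produces once its own stub has run.

    This is the sandbox / in-memory view: the decoded bytes are identical for
    every key, so the original signature applies again.
    """
    return signature_scan(unpack(sample))


# Constructed "payload" (TEST-NET address, no real host) and a packed copy.
PAYLOAD = b"...DEMO-RAT-BEACON connect-back:203.0.113.10:443..."
PACKED = pack(PAYLOAD, key=0x5A)

if __name__ == "__main__":
    print("original, at rest :", scan_at_rest(PAYLOAD))
    print("packed, at rest   :", scan_at_rest(PACKED))
    print("packed, unpacked  :", scan_after_unpack(PACKED))
```

The practical consequence is the one the slide draws: a gateway or endpoint that only matches bytes at rest gives no protection against a payload that was built for you, so detection has to look at behaviour (what the sample does, where it connects) rather than at what it looks like.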

The “Spear”: Experiences (1)

‒ Targeted users

The “Spear”: Experiences (2)

‒ Fooled users

  ‒ Insider info (disgruntled employee)

  ‒ Stolen laptop

  ‒ Compromised e-mail account

  ‒ Corporate templates

  ‒ Culture/language habits

  ‒ Systems, typical e-mail

? Does it really matter?

  ‒ Autopilot

  ‒ The myth of templates

The “Spear”: Experiences (3)

‒ Successful exploits

  ‒ Insider info (disgruntled employee)

  ‒ Stolen laptop

  ‒ Zero-day exploit

  ‒ Custom payload

What would be your conversion rate?

Targeted users: 1 in 4

Fooled users: 1 in 3

Successful exploits: 1 in 2

Remote control

“Remote control”: Poison Ivy

“Remote control”: Metasploit - Meterpreter

Remote control: Myths and reality

• Myth: we use proxies to access the Internet, which require username-password authentication, so malware cannot call home

• Reality: the typical exploit injects the code responsible for communication into Internet Explorer, and IE authenticates automatically at the proxy as the logged-in (attacked) user. The one thing the defender gains is that every call-home is then recorded in the proxy log under that user’s name, which is where to look for it.
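Since the implant rides on the victim’s own proxy credentials, identity in the proxy log tells you nothing; regularity does. The script below is an added example, not code from the slides or from any proxy vendor: it parses a constructed log in a simple “epoch user dst_host bytes” format (the lines are invented, the hosts use reserved test domains), groups requests per user and destination, and flags pairs contacted at a near-constant interval, reporting how many other users touched the same host as a rarity signal for triage.

```python
"""Spot beaconing in an authenticated proxy log.

Added example, not from the original slides. The log text below is
constructed for the demo ("epoch user dst_host bytes" per line) and does
not come from any real proxy.
"""
from collections import defaultdict
from statistics import mean, pstdev

SAMPLE_LOG = """\
1353660000 jsmith www.example-intranet.local 5120
1353660010 jsmith cdn.example-news.test 81920
1353660300 jsmith update.example-c2.invalid 412
1353660600 jsmith update.example-c2.invalid 408
1353660903 jsmith update.example-c2.invalid 415
1353661199 jsmith update.example-c2.invalid 410
1353661500 jsmith update.example-c2.invalid 409
1353660040 mkovacs cdn.example-news.test 65536
1353660121 mkovacs www.example-intranet.local 2048
1353660777 mkovacs cdn.example-news.test 70000
1353661390 mkovacs mail.example-webmail.test 12000
1353661400 jsmith mail.example-webmail.test 9000
"""


def parse(log_text):
    """Turn the constructed log format into (epoch, user, host, bytes) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, host, nbytes = line.split()
        events.append((int(ts), user, host, int(nbytes)))
    return events


def find_beacons(events, min_hits=5, max_cv=0.10):
    """Return user/host pairs that were contacted at a near-constant interval.

    A pair qualifies when it has at least `min_hits` requests and the
    coefficient of variation (stdev / mean) of the gaps between them is at
    most `max_cv`. `other_users` is how many other users touched the same
    host; a host nobody else visits is the more suspicious one.
    """
    by_pair = defaultdict(list)
    users_per_host = defaultdict(set)
    for ts, user, host, _ in events:
        by_pair[(user, host)].append(ts)
        users_per_host[host].add(user)

    beacons = []
    for (user, host), stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        period = mean(gaps)
        if period <= 0:
            continue  # duplicate timestamps, not a beacon pattern
        cv = pstdev(gaps) / period
        if cv <= max_cv:
            beacons.append({
                "user": user,
                "host": host,
                "period_s": period,
                "cv": cv,
                "hits": len(stamps),
                "other_users": len(users_per_host[host]) - 1,
            })
    return beacons


if __name__ == "__main__":
    for b in find_beacons(parse(SAMPLE_LOG)):
        print(f"{b['user']} -> {b['host']} every ~{b['period_s']:.0f}s "
              f"({b['hits']} hits, cv={b['cv']:.3f}, other users={b['other_users']})")
```

On the sample the only hit is jsmith to update.example-c2.invalid at roughly five-minute intervals and small, near-identical response sizes, which is the shape of an idle check-in. Real implants add jitter, so in production the `max_cv` threshold is tuned per environment and the test is combined with the rarity count and with the byte sizes rather than used alone.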

Once we are inside

Once we are inside: An attacker’s heaven

• Normal ‘business’ user

‒ Application access

‒ E-mail access

‒ Network (share) access

‒ Helpdesk access

• Privilege escalation

‒ Two-tier applications → direct database access

‒ Weak authentication schemes → access with an admin role

‒ Weak passwords → unauthorized access

‒ Unpatched systems → exploits

Once we are inside: The reality

[Chart; only the axis labels survive: criticality of the system, length of the patching cycle, ratio of unpatched devices]

Once we are inside: Where is your data?

[Network diagram; only the node labels survive: users, admin, application servers, file server, printer server, mail server]

Results of systems compromise

• Example #1

‒ Several major VLANs compromised

‒ Access to undisclosed internal sensitive information

• Example #2

‒ Several major VLANs compromised (DMZ, office, secure server)

‒ All critical systems compromised (all CAs and the HSM) → bankruptcy within 2 months of the attack

• Example #3

‒ Access to undisclosed internal sensitive information

• Commonalities

‒ Skilled and customized attacks

‒ Access to sensitive information

‒ Sophisticated attempts to hide traces

Conclusion

APT – The schematics: Do they look similar?

[Two attack-flow diagrams side by side: Example #1 – Spear phishing; Example #2 – Traditional systems compromise]

It’s not a coincidence...

Defenses

Prevent

• Defense in depth – network zones

• Hardening on the external-facing and internal networks

Detect

• IDS, IPS, anti-virus

• Awareness

• Log analysis

Correct

• Incident response

Conclusion

• Targeted and sophisticated attacks → high probability of success

• External attacker → internal attacker

• Prevent / detect / correct → there is no silver bullet

Contact

Gergely Tóth

Senior Manager │ Security & Privacy

Tel: + 36 (1) 428 6607

Email: [email protected]


Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited

by guarantee, and its network of member firms, each of which is a legally separate and

independent entity. Please see www.deloitte.hu/about for a detailed description of the legal

structure of Deloitte Touche Tohmatsu Limited and its member firms.

© 2012 Deloitte Hungary.