Technology Deathmatch The arms race is on


Presentation Transcript


  1. Technology Deathmatch: The arms race is on
     Sean M. Bodmer, CEH, CISSP, NCIA
     Chief Researcher, Counter-Exploitation Intelligence, CounterTack

  2. Who is this tool?
     • Sean M. Bodmer, CISSP, CEH, NCIA
     • Arrested @16 years of age for hacking NASA and 3 other .gov networks
     • Yes, it did put a damper on my life for a few years
     • >50% of my time spent in non-gov’t based clandestine cyber operations
     • 2012 – Helped US Entities seize and recuperate > $6M USD
     • Brief Bio
       • Over 16 Years in IT Systems Security
       • Over 10 Years in Intelligence and Counter-Intelligence Operations
       • Lectured at numerous Industry Conferences
       • Co-Authored 2 Books w/McGraw-Hill (writing 2 more)
       • Quoted and Named in > 400 magazines, newspapers, radio, and TV-news
     • CounterTack, Inc.
       • Focused on in-progress detection and attribution of threats
       • Develops and deploys custom high-interaction honeypots
       • Provides customers tailored Threat Intelligence Services
     • Knowledge Bridge Intelligence, Inc.
       • US IO Subject Matter Expert

  3. There is more than one
     • Distribution/Delivery (MAS)
       • Specialized distribution network
       • Attracts and infects victims
       • Global & targeted content delivery
       • Delivery through Spam/drive-by/USB/etc.
       • Offers 24x7 support
     • Author(s)
       • Original malware creator(s)
       • Offer malware “off-the-rack” or custom built
       • May offer DIY construction kits
       • Money-back guarantee if detected
       • 24x7 support
     • Leader
       • Individual or criminal team
       • Maintains and controls order
       • Holds admin credentials
     • Resilience/Recovery (MAS)
       • Provides C&C resilience services
       • Anti-takedown network construction
       • Bullet-proof domain hosting
       • Fast-flux DNS services
       • Offers 24x7 Support
     • Operator
       • Operates a section
       • Issues commands
       • May be the leader

  4. Cloud as a Service Model
     • YES, criminals are mirroring our e-biz models

  5. Malware As A Service

  6. Malware As A Service

  7. Malware As A Service

  8. Malware As A Service

  9. Boundary/Perimeter

  10. Host/End-point

  11. Host/End-point

  12. The Arbitrary Icon
      THIS DOES NOT MEAN YOU ARE SAFE !!!

  13. Today’s Problem Set
      • Almost all discoveries are post-mortem
        • Next day or countless days later
        • Generally, through laborious manual analysis
      • Easily detectable over time
        • Static defenses can be identified by skilled adversaries
      • Difficult to use
        • Heavily dependent on human expertise
        • Staging and maintaining honeynets
        • Manual reporting and analysis
        • Manual correlation between data sources

  14. Let’s Look @ Something
      • What can one find when p0wning bad-actors?
      • Carberp Source Code Leak

  15. Questions??
      • Email: sbodmer@countertack.com
      • Twitter: @Spydurw3b
      • Skype: @Crypt0k1d