A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Chasing the Adder... A Tale from the APT world - Stefano Maccaglia NolaCon 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

Chasing the Adder... A Tale from the APT world
Stefano Maccaglia

In August 2017, a targeted attack was attempted against a well-established corporation. The attack was carried out using innovative exploitation methods and unknown and heavily packed malware. The first stage of the attack was exploiting websites, but once the attacker established a beachhead he dropped his arsenal and started a complex and innovative tactic importing and executing his tools together with a Sandboxie DLL. The DLL was used to bypass the signature and defuse security controls such as the Antivirus, the Host Intrusion Prevention System and Windows Security controls. The adoption of this undocumented technique allow the attacker to implant his heavily packed malware and start harvesting data from the Company. This is our story… the story starts from a strange webpage loaded by a user and goes along for the entire investigation and remediation processes, where a team of specialists hired to fight an unknown attacker who has already taken the upper hand upon several segments of the corporate network. The presentation will show the initial exploitation method, the subsequent tools used by the attacker to move laterally to core networks and the technique adopted by the Adversary to implant his malware to the core systems.

Recorded at NolaCon 2018

Back to NolaCon 2018 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast