[Owasp-salt_lake] Advanced Persistent Threat talk at BYU

Cameron Morris cam.morris at gmail.com
Fri May 13 17:25:04 EDT 2011


Here is a nice presentation on Advanced Persistent Threat:
https://cs.byu.edu/colloquia/2011-03-08

Examples of APT are the stolen authentication code from Google in China,
and the RSA SecurID token secrets a couple of months ago.

Most of his experience is with China, and he says they are years ahead, but
that the majority of the attacks are combinations of well-known
techniques:
- To get in the door:
  - Common web vulnerabilities such as SQL injection
  - Targeted spear-phishing to get in the door
    - Look for the weak link - social engineering
      - Under-appreciated: the CXO that is not the head guy, but thinks he
        should be. Usually has admin creds
      - Job opportunities
      - Porn
- Viruses, backdoors, and malware that disables the AV.
- Obtain credentials, spread to as many systems as possible.
- Encrypt and hide the documents to steal.
- Slowly leak documents off site, sent out on 443.

Notable quotes:
"There are groups that we've dealt with that are not sloppy, and they
will never get caught, because they are that good"

On pen-testing: "Where the need exists today is not for guys to be
penetration testers; that's a secondary attribute that we like, but what
we really like are defenders that know how to defend. That's hard. ...
STIGs, if you know how to configure a web server in accordance with a
STIG ... that's the guy that I'm going to pay the most money to."

"Hackers are bored with our military, they got what they got... Their
biggest targets are intellectual property and research, which are
universities and corporations."
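One defensive check suggested by the "slowly leak documents off site, sent out on 443" stage summarized above, as an added example that is not from the post or the talk: a small Python detector that groups constructed flow records per source/destination pair and flags a sustained, upload-heavy drip of small flows over TCP/443. The record field names, the sample flows and the thresholds are assumptions.

```python
"""Flag low-and-slow outbound transfers on TCP/443 from flow records.

Assumptions (not from the post): one record per flow, as a dict with
keys ts (epoch seconds), src, dst, dport, bytes_out and bytes_in.
"""
from collections import defaultdict

# Constructed sample flows: one internal host drips data to one external
# address over 443 in small, regular chunks for a day; a second host just
# browses (few flows, large downloads, little upload).
FLOWS = [
    {"ts": 3600 * i, "src": "10.0.0.5", "dst": "203.0.113.7",
     "dport": 443, "bytes_out": 48_000 + (i % 3) * 500, "bytes_in": 1_200}
    for i in range(24)
] + [
    {"ts": 100 + 900 * i, "src": "10.0.0.9", "dst": "198.51.100.2",
     "dport": 443, "bytes_out": 2_000, "bytes_in": 900_000}
    for i in range(6)
]


def find_slow_exfil(flows, min_flows=12, min_hours=6, min_upload_ratio=5.0,
                    max_flow_bytes=64_000):
    """Return (src, dst) pairs whose 443 traffic looks like a slow drip:
    many small, upload-heavy flows spread over a long time span.
    Thresholds are assumed starting points, meant to be tuned per network."""
    by_pair = defaultdict(list)
    for f in flows:
        if f["dport"] == 443:
            by_pair[(f["src"], f["dst"])].append(f)

    suspects = []
    for pair, fl in by_pair.items():
        span_h = (max(f["ts"] for f in fl) - min(f["ts"] for f in fl)) / 3600
        out = sum(f["bytes_out"] for f in fl)
        inn = sum(f["bytes_in"] for f in fl)
        biggest = max(f["bytes_out"] for f in fl)
        # Persistence (many flows over hours), small chunks (none above the
        # per-flow cap) and an upload-dominated byte ratio together mark the drip.
        if (len(fl) >= min_flows and span_h >= min_hours
                and biggest <= max_flow_bytes
                and out >= min_upload_ratio * max(inn, 1)):
            suspects.append({"pair": pair, "flows": len(fl),
                             "hours": round(span_h, 1), "bytes_out": out})
    return suspects


if __name__ == "__main__":
    for s in find_slow_exfil(FLOWS):
        print(s)
```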
