SlideShare a Scribd company logo

APT Malware & Media

3S Labs, profile picture
3S Labs

The document discusses advanced persistent threats (APTs) targeting organizations with robust security measures, specifically focusing on the case of 'xyz.' It highlights the Miniduke exploit and the role of sophisticated techniques such as return-oriented programming (ROP) in executing targeted attacks. The document also emphasizes the evolution and proliferation of APTs, along with their implications in the digital landscape.

Technology
1 of 14
1
2
3
4
5
6
7
8
9
10
11
12
13
14
APT .. Malware and Media Entertainment for the Industry http://www.3slabs.com
Advanced Persistent Threat ?? • Target: Organization “XYZ” – Follows Security Best Practices – Regular Penetration Tests done – Empty report with Nessus, AppScan/Acunetix/... on their online assets I am a h4x0r and I have better and easier targets than “XYZ” I am an employee and my employer “demands” that I compromise “XYZ”
http://threatpost.tumblr.com/post/16467594167/whos-spying-on-whom-examples-include-hacks-of
The Popular “APT”s 2013 • • • • • • • • Red October APT1 MiniDuke TeamSpy Flame Duqu StuxNet [ …. Lot more .. ] Top countries with Online Resources seeded with Malware http://www.securelist.com/en/analysis/204792292/IT_Threat_Evolution_Q1_2013
The “supposedly” Father of APT You cannot blame it all on the CHINESE ANY MORE ! http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet
Life of an “APT” Exploits R&D AV Evasion Payloads […] 0day Research Profiling Ops Monitoring Phishing Analysis Targeted Attacks […] Admin & Misc
An “APT” without “A”
The Role of Electronic Media
The Front-Line Defenses
The Front-Line Defenses
The Case of APT “proliferation” • The MiniDuke Exploit CVE-2013-0640 – Adobe Reader 0day Found-in-the-Wild – Highly Sophisticated Exploit • ASLR & DEP bypass using – Information Leak – Dynamic Return-Oriented-Programming (ROP) – First ‘public’ example of ROP-only Shellcode • Reliable Sandbox Escape http://www.fireeye.com/blog/technical/cyber-exploits/2013/02/the-number-of-the-beast.html http://www.fireeye.com/blog/technical/cyber-exploits/2013/02/its-a-kind-of-magic-1.html http://www.varanoid.com/security-vendors/mcafee/analyzing-the-first-rop-only-sandbox-escaping-pdfexploit/
The Case of APT “proliferation” This exploit was developed in TAG TEAM effort with
A “sample” APT Tool …..
Thank You For listening (being awake) adatta@3slabs.com @abh1sek

More Related Content

PDF
Spyware
Farheen Naaz
 
PPT
Owasp osint presentation - by adam nurudini
Adam Nurudini
 
PPTX
Basics of getting Into Bug Bounty Hunting
Muhammad Khizer Javed
 
PPT
spyware
Akhil Kumar
 
PDF
Osint
Kamal Rathaur
 
PPT
Viruses Spyware and Spam, Oh My!
Joel May
 
PPTX
Ethical hacking
Manish Mudhliyar
 
PPTX
Internet Security in Web 2.0
Arjunsinh Sindhav
 
Spyware
Farheen Naaz
 
Owasp osint presentation - by adam nurudini
Adam Nurudini
 
Basics of getting Into Bug Bounty Hunting
Muhammad Khizer Javed
 
spyware
Akhil Kumar
 
Osint
Kamal Rathaur
 
Viruses Spyware and Spam, Oh My!
Joel May
 
Ethical hacking
Manish Mudhliyar
 
Internet Security in Web 2.0
Arjunsinh Sindhav
 

What's hot (20)

PPTX
PACE-IT, Security+3.1: Types of Malware
Pace IT at Edmonds Community College
 
PDF
Open Source Intelligence (OSINT)
festival ICT 2016
 
PPT
Spyware
Babur Rahmadi
 
PPTX
Spyware and key loggers
Ganeshdev Chavhan
 
PDF
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
PRISMA CSI
 
PPT
Ethical Hacking and Network Security
sumit dimri
 
PPT
Spyware
Ishita Bansal
 
PPTX
Datasploit - An Open Source Intelligence Tool
Shubham Mittal
 
PPT
Spyware and Trojan Horses (Computer Security Seminar by Akhil Sharma)
Akhil Sharma
 
PPTX
Bug bounty
Ramin Farajpour Cami
 
PDF
From OSINT to Phishing presentation
Jesse Ratcliffe, OSCP
 
PDF
Detecting Ransomware/Bot Infections in Elasticsearch
Aditya K Sood
 
PPTX
DLL Preloading Attack
securityxploded
 
PPTX
Web app security essentials
Rafał Hryniewski
 
PPT
Brucon presentation
wremes
 
PPT
Computer Virus
bebo
 
PDF
Rafeeq Rehman - Breaking the Phishing Attack Chain
centralohioissa
 
PPT
Hacking
blues_mfi
 
PPTX
DataSploit - BlackHat Asia 2017
Shubham Mittal
 
PDF
Osint primer
n|u - The Open Security Community
 
PACE-IT, Security+3.1: Types of Malware
Pace IT at Edmonds Community College
 
Open Source Intelligence (OSINT)
festival ICT 2016
 
Spyware
Babur Rahmadi
 
Spyware and key loggers
Ganeshdev Chavhan
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
PRISMA CSI
 
Ethical Hacking and Network Security
sumit dimri
 
Spyware
Ishita Bansal
 
Datasploit - An Open Source Intelligence Tool
Shubham Mittal
 
Spyware and Trojan Horses (Computer Security Seminar by Akhil Sharma)
Akhil Sharma
 
Bug bounty
Ramin Farajpour Cami
 
From OSINT to Phishing presentation
Jesse Ratcliffe, OSCP
 
Detecting Ransomware/Bot Infections in Elasticsearch
Aditya K Sood
 
DLL Preloading Attack
securityxploded
 
Web app security essentials
Rafał Hryniewski
 
Brucon presentation
wremes
 
Computer Virus
bebo
 
Rafeeq Rehman - Breaking the Phishing Attack Chain
centralohioissa
 
Hacking
blues_mfi
 
DataSploit - BlackHat Asia 2017
Shubham Mittal
 
Osint primer
n|u - The Open Security Community
 
Ad

Similar to APT Malware & Media (20)

PPTX
Amien Harisen - APT1 Attack
Indonesia Honeynet Chapter
 
PPTX
Advanced persistent threats
Japneet Singh
 
PDF
RSA: Security Analytics Architecture for APT
Lee Wei Yeong
 
PPTX
Catch Me If You Can - Finding APTs in your network
DefCamp
 
PDF
Advanced Persistent Threats Cutting Through The Hype
Symantec
 
PPTX
APT in the Financial Sector
LIFARS
 
PPTX
Common Techniques To Identify Advanced Persistent Threat (APT)
Yuval Sinay, CISSP, C|CISO
 
PPTX
Advanced Persistent Threats
ESET
 
PDF
Apt zero day malware
aspiretss
 
PPTX
Understanding advanced persistent threats (APT)
Dan Morrill
 
DOCX
APTs can you catch’em all
ITrust - Cybersecurity as a Service
 
PDF
Countering the Advanced Persistent Threat Challenge with Deep Discovery
Trend Micro
 
PDF
Advanced Persistent Threats: How They Sneak In and Stay Hidden
BORNSEC CONSULTING
 
PPTX
Cyber espionage nation state-apt_attacks_on_the_rise
Cyphort
 
PDF
Adam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer
 
PDF
Understanding Advanced Cybersecurity Threats for the In-House Counsel
Adam Palmer
 
PDF
Apt sharing tisa protalk 2-2554
TISA
 
PDF
Advanced Persistent Threats in Cybersecurity – Cyber Warfare
Nicolae Sfetcu
 
PPTX
International Cooperative: APT Hunting
Joshua Lawton, MBA
 
PPTX
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Zivaro Inc
 
Amien Harisen - APT1 Attack
Indonesia Honeynet Chapter
 
Advanced persistent threats
Japneet Singh
 
RSA: Security Analytics Architecture for APT
Lee Wei Yeong
 
Catch Me If You Can - Finding APTs in your network
DefCamp
 
Advanced Persistent Threats Cutting Through The Hype
Symantec
 
APT in the Financial Sector
LIFARS
 
Common Techniques To Identify Advanced Persistent Threat (APT)
Yuval Sinay, CISSP, C|CISO
 
Advanced Persistent Threats
ESET
 
Apt zero day malware
aspiretss
 
Understanding advanced persistent threats (APT)
Dan Morrill
 
APTs can you catch’em all
ITrust - Cybersecurity as a Service
 
Countering the Advanced Persistent Threat Challenge with Deep Discovery
Trend Micro
 
Advanced Persistent Threats: How They Sneak In and Stay Hidden
BORNSEC CONSULTING
 
Cyber espionage nation state-apt_attacks_on_the_rise
Cyphort
 
Adam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer
 
Understanding Advanced Cybersecurity Threats for the In-House Counsel
Adam Palmer
 
Apt sharing tisa protalk 2-2554
TISA
 
Advanced Persistent Threats in Cybersecurity – Cyber Warfare
Nicolae Sfetcu
 
International Cooperative: APT Hunting
Joshua Lawton, MBA
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Zivaro Inc
 
Ad

Recently uploaded (20)

PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Approach and Philosophy of On baking technology
30anthuong17
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 

APT Malware & Media

  • 1. APT .. Malware and Media Entertainment for the Industry http://www.3slabs.com
  • 2. Advanced Persistent Threat ?? • Target: Organization “XYZ” – Follows Security Best Practices – Regular Penetration Tests done – Empty report with Nessus, AppScan/Acunetix/... on their online assets I am a h4x0r and I have better and easier targets than “XYZ” I am an employee and my employer “demands” that I compromise “XYZ”
  • 4. The Popular “APT”s 2013 • • • • • • • • Red October APT1 MiniDuke TeamSpy Flame Duqu StuxNet [ …. Lot more .. ] Top countries with Online Resources seeded with Malware http://www.securelist.com/en/analysis/204792292/IT_Threat_Evolution_Q1_2013
  • 5. The “supposedly” Father of APT You cannot blame it all on the CHINESE ANY MORE ! http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet
  • 6. Life of an “APT” Exploits R&D AV Evasion Payloads […] 0day Research Profiling Ops Monitoring Phishing Analysis Targeted Attacks […] Admin & Misc
  • 8. The Role of Electronic Media
  • 11. The Case of APT “proliferation” • The MiniDuke Exploit CVE-2013-0640 – Adobe Reader 0day Found-in-the-Wild – Highly Sophisticated Exploit • ASLR & DEP bypass using – Information Leak – Dynamic Return-Oriented-Programming (ROP) – First ‘public’ example of ROP-only Shellcode • Reliable Sandbox Escape http://www.fireeye.com/blog/technical/cyber-exploits/2013/02/the-number-of-the-beast.html http://www.fireeye.com/blog/technical/cyber-exploits/2013/02/its-a-kind-of-magic-1.html http://www.varanoid.com/security-vendors/mcafee/analyzing-the-first-rop-only-sandbox-escaping-pdfexploit/
  • 12. The Case of APT “proliferation” This exploit was developed in TAG TEAM effort with
  • 13. A “sample” APT Tool …..
  • 14. Thank You For listening (being awake) adatta@3slabs.com @abh1sek