
BAB0: A custom sample that bypassed cutting-edge APT attack detection tools

Formal Metadata

Title
BAB0: A custom sample that bypassed cutting-edge APT attack detection tools
Alternative Title
BAB0: A special sample that bypassed the most modern APT attack detection tools
Part Number
28
Number of Parts
29
License
CC Attribution 3.0 Germany:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata

Abstract
In this talk, we present BAB0, a custom sample that we developed for testing purposes and that bypassed 5 cutting-edge APT attack detection tools. We explain why BAB0 escaped detection both during the infection of the victim and later during its continuous communication with a remote C&C server. We show the tricks that we designed and implemented in BAB0 and give some demonstrations as well. We also elaborate on the problems of testing anti-APT products in general, and give some hints on the new testing methodologies that are currently emerging within the AV test community.