Show filters Hide filters

Refine your search

Publication Year
Person found in the video
Organisation found in the video
1-4 out of 4 results
Change view
  • Sort by:
1:17:30 Technische Universität Darmstadt German 2015

Universelle Konsistenz des Kernschätzers, Teil 1

  • Published: 2015
  • Publisher: Technische Universität Darmstadt
  • Language: German
52:10 REcon English 2015

Totally Spies!

For some months now, there were rumors of cartoon-named malware employed in espionage operations. It actually started in March 2014 with a set of slides leaked from the Communications Security Establishment Canada (CSEC) -- Canada equivalent of NSA. CSEC then described to its spook friends a malware dubbed Babar by its authors, which they attributed "with moderate certainty" to a French intelligence agency. The group behind Babar is now commonly referred as "AnimalFarm" in antimalware industry, because Babar was only a small piece of a much bigger puzzle. Since CSEC slides' publication, a group of valorous adventurers, animated by the thrill of understanding complex malware operations, has been relentlessly following AnimalFarm's trail. Along its path, this group found several pieces of AnimalFarm's arsenal, for example stealthy Casper, exotic Bunny and even big ears Babar itself. This presentation aims at presenting the results of this group's research. In particular, we will provide a global picture on AnimalFarm's operations, and also delve into technical quirks of their malware. We will also explain how we assessed the connection between their various piece of software from a code reverse-engineering perspective, and what are the technical hints we found regarding attribution.
  • Published: 2015
  • Publisher: REcon
  • Language: English
41:28 DEF CON English 2016

Maelstrom: Are you playing with a full desk?

As a defender, have you ever been asked ‘do they win?’ How about ‘what products or capabilities should I buy to even the odds?’ Mapping the functionality to a standard list of desired capabilities only gets you so far. And, many vendors require an organization to pay for a framework, or for access to a framework, to enable tactical and strategic campaigns. Wouldn’t it be great to have an open source way to pick strategies? So what do you do? Build out your own defensive campaigns based on research, taxonomies and gameification. Building the attacker’s point of view is our expertise (at a CON). We have plenty of research here to talk about that point of view. How about building out the defender’s point of view based on the attacker’s life cycle? Defenders can use this as a defensive ‘compliment’ to begin a legitimate defensive campaign. Maybe the defender could even ‘gamify’ the approach? An attacker’s approach, a defender’s approach and a progressive life cycle with a defender’s set of targets built on things we all know, love and hate: project management. I think we have a game! Build out rules, much like real life, then bring on the attackers, bring on the defenders and play a little game to educate, demonstrate and evangelize. Watch strategies played by both attackers and defenders. Switch sides and learn to be a Purple Teamer! Digitize it and watch the game play people or even play itself; the true rise of the machine. Wanna Play?! Bio: Shane began his professional career with a large food manufacturer where he helped build and secure SCADA/ICS systems across 90+ food manufacturing plants in the US. From there he spent 6 years helping to develop and build the functionality of a security team for a large pharmaceutical distributor. Currently, he is the Chief Endpoint Security Architect for a Fortune 50 technology company. His interests reside in cyber resiliency techniques, internet of things, building/breaking things and muscle cars. To think, his 25+ year passion for all things geeky started with hacking the school library computer and getting detention. Shane is also a licensed attorney. Please don't hold this against him.
  • Published: 2016
  • Publisher: DEF CON
  • Language: English
42:30 DEF CON English 2018

BLUE TEAM VILLAGE - Endpoint Monitoring: With Free, and Open Source tools!

There is a rising trend within Threat actors to find newer, more effective and stealthy ways to attack and gain persistence in a network. One way to achieve this is by abusing legitimate software such as Windows Management Instrumentation and PowerShell. This is the case for Living Off the Land and Fileless threats. By using these techniques, attackers can distribute their malicious code bypassing software whitelisting and avoid antivirus detection. A method to detect these threats is by monitoring endpoints activity. However, this option comes with many challenges that range from getting enough system’s activity information to handle hundreds of events per second. In our research, we analyze this monitoring method and the design challenges involved in it. Furthermore, we propose a solution that aims to detect and alert when advance threats are identified in a system. In order to provide an endpoint monitoring system free of any vendor lock-in, this solution combines the capabilities of different open source projects as well as free tools. These include, Sysmon for monitoring system activity, Elastic Stack (ELK) to store and search the collected data, ElastAlert to trigger alarms and the Sigma Project to define the rules for the alarms. This highly customizable solution would enable organizations to hunt for threats inside their network or create rules that would automatically detect specific threats upfront.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
out of 1 pages
Loading...
Feedback

Timings

   55 ms - page object
   36 ms - search
    1 ms - highlighting
    1 ms - highlighting/36288
    1 ms - highlighting/39820
    1 ms - highlighting/32803
    1 ms - highlighting/34297

Version

AV-Portal 3.8.0 (dec2fe8b0ce2e718d55d6f23ab68f0b2424a1f3f)