The Neverending Story… an APT real case!

Presented at BalCCon2k22 - Loading (2022), Sept. 23, 2022, 7 p.m. (45 minutes)

How many of you have been involved in an incident response of an APT? Have you had the feeling that continuously this is the neverending story, like an infinite loop? Sometimes, in United Nations we have faced some interesting challenges. So, in this talk, you will see a real case of an APT in UN, deepening in detection, containment and remediation phases, giving you [almost] all technical details. It is quite relevant to show up that having powerful capacities in cyber security is key to prevent this kind of incidents. But, in any case… will we be safe in the end? Or... Are we completely sure that we have identified all systems that were compromised by the adversary, and properly remediated their activity?

Presenters:

• Sandra Bardón
  Red team leader, pentester, researcher, lecturer and previously Blue teamer (DFIR and threat hunting). Sandra is an ITC engineer, GXPN, OSCE, OSCP, … with more than 14 years of experience in cyber security, leading different kind of projects like pentesting and exercises about Red teaming, Purple teaming, and Table-top. Always helping to many organisations like NATO CCDCOE, Spanish Joint Cyber Defence Command and currently in United Nations (UNICC). A real challenges lover!

Links:

• https://cfp.balccon.org/balccon2k22/talk/MXDKZK/
• https://infocon.org/cons/BalCCon/BalCCon 2k22/Sandra Bardón - The NeverEnding Story - an APT real case.mp4
• https://infocon.org/cons/BalCCon/BalCCon 2k22/Sandra Bardón - The NeverEnding Story - an APT real case.eng.srt (subtitles)

Similar Presentations:

• DEF CON 19 (2011) / Balancing The Pwn Trade Deficit - APT Secrets in Asia
• VB2016 / APT Reports and OPSEC Evolution, or: These Are Not the APT Reports You Are Looking For
• Kawaiicon 2 (2022) Rescheduled / Deep breaths and lean the f**k in. A user's guide to Incident Response.