Is that a Government in Your Network or are you Just Happy to See Me?

Presented at Black Hat USA 2013, Aug. 1, 2013, 3:30 p.m. (60 minutes)

Defense and military network operations center around the age-old game: establishing long-term footholds deep inside a network. In this talk, we will discuss specific techniques and tactics observed while providing defensive incident response services to organizations compromised by foreign intelligence and defense agencies. The discussion will also incorporate the release and open-sourcing of several private projects used to identify pass-the-hash/impersonation attacks, including: a set of network monitoring daemons known as breachbox, part of which was funded by DARPA's Cyber Fast Track program; and an open-source tool and blueprint to help trojanize your own network to monitor and detect adversarial activity.


Presenters:

  • Eric Fiterman - Spotkick
    Eric is the founder and developer of cyber security startup Spotkick, a Software-as-a-Service platform for security analytics and intelligence. Eric has spent the last ten years in the security business, having worked as an FBI Special Agent, software developer, expert witness, and forensics instructor at Black Hat 2011. Eric has received several commendations and awards for his investigative work, including a service award from the United States Secret Service for his investigative contributions to law enforcement. Eric has been interviewed by CNN/Money, the Washington Post, and Bloomberg.com regarding cyber crime and technology, and has served as a guest lecturer on topics related to computer crime.
