APT Reports and OPSEC Evolution, or: These are not the APT reports you are looking for: How advanced threat actors learn and change with innovation in security defense and constant APT reports, and how we can get better

Presented at 32C3 (2015), Dec. 27, 2015, 11 p.m. (60 minutes)

With the advancement of defensive security and the constant release of research papers into their toolsets, advanced threat actors have had to adapt with new operational security practices, as well as with new technology.

Examples of this are how long it takes a threat actor to take its operation offline once a public report on its tools is released, or the technology it may use to cope when its expensive code base, which has taken years of development, suddenly becomes public property.

Two quick examples are the geographical distribution of attacks, which is often (mis)used in attribution, and the use of cryptography to allow the reuse of now-public code bases.


Presenters:

  • Gadi Evron
    Gadi is CEO and founder of Cymmetria, a cyber security startup, Chairman of the Board of the Israeli CERT and Founding Chairman of the Cyber Threat Intelligence Alliance. Formerly Gadi was VP at Kaspersky, and helped coordinate global incident response and information sharing. He is widely recognized for his work in internet security operations and global incident response, considered the first botnet expert. He specializes in corporate security, cyber intelligence and cyber crime. He was previously VP of Cybersecurity Strategy for Kaspersky Lab and led PwC's Cyber Security Center of Excellence, located in Israel. Prior to that Gadi was CISO for the Israeli government Internet operation, founder of the Israeli Government CERT and is a research fellow at the Yuval Ne`eman Workshop for Science, Technology and Security, at Tel Aviv University, working on cyber warfare projects. Gadi authored two books on information security, organizes global professional working groups, chairs worldwide conferences, and is a frequent lecturer.
  • Inbar Raz
    Inbar has been teaching and lecturing about Internet Security and Reverse Engineering for nearly as long as he has been doing that himself. He started programming at the age of 9 on his Dragon 64. At 13 he got a PC, promptly started Reverse Engineering at the age of 14, and through high school he was a key figure in the Israeli BBS scene. He spent most of his career in the Internet Security field, and the only reason he's not in jail right now is because he chose the right side of the law at an earlier age. Inbar specializes in an outside-the-box approach to analyzing security and finding vulnerabilities. Since late 2011, he has been running the Malware and Security Research at Check Point, using his extensive experience of over 20 years in the Internet and Data security fields. He has presented at a number of conferences, including Kaspersky SAS, Hack.lu, ZeroNights, ShowMeCon, and several Law Enforcement events.