Top 10 2015-2016 compromise patterns observed & how to use non-traditional Internet datasets to detect & avoid them

Presented at DerbyCon 6.0 Recharge (2016), Sept. 23, 2016, 1 p.m. (50 minutes).

We have seen a consistent set of patterns in attacker behaviors, and breach targets, over the last year. We often see adversaries who are repeat offenders, reusing the same recon techniques and the same threat infrastructure (in new ways) to attack the same target again, if the target continues to play whack-a-mole by treating system hardening and breach investigation as one-off events. This presentation will focus on the common patterns of compromise, and adversarial behavior in the early stages of the “kill-chain”, leading up to the first attack. The goal for Red-teams & vuln-managers is to show how adversaries do recon and set up, so that you can measure & manage your attack surface in a way that more realistically reflects how your adversaries will map it out. The goal for Blue-teams & IR is to show new patterns and pivots we see adversaries make, and what Internet security datasets you can use to pinpoint them.
