Opening Acts: How Attackers Get Their Big Breaks

Presented at BSidesDC 2014, Oct. 19, 2014, 10:30 a.m. (50 minutes)

Every security incident has to start somewhere. Sometimes the attacker gets into an organization via phishing. Other times they use SQL injection. Or, they may use an off-the-shelf exploit kit, mass malware, drive-by attack, ‘l33t 0-day exploits, access via other compromises, or some other technique like 2014’s vulnerability à la mode: HeartBleed™.

This presentation will provide a look at the recent trends and novel techniques we have seen in how attackers gain their initial foothold in victim networks. Specific case studies will be discussed that illustrate the types of vulnerabilities and systems targeted by attackers. Methods to prevent intrusions using the different vectors will also be covered, along with potential mechanisms to detect the attacks. For the penetration testers and other offensive-minded individuals in the audience, we’ll also discuss the tools used by the attackers and how to replicate the incidents.


  • Evan Peña - Consultant at Mandiant
    Evan Peña works at Mandiant (a FireEye Company) as a Consultant doing incident response, forensics, and penetration testing. Evan has years of experience in enterprise information technology administration, employing covert penetration testing to evaluate incident response procedures, and assessing enterprise network defense capabilities from the perspective of an attacker. In addition, Evan participates in security engagements of large government agencies and Fortune 500 companies. These networks have an online presence spanning hundreds of thousands of addresses around the world.
  • Chuck Willis - Senior Technical Director at Mandiant
    Chuck Willis is a Senior Technical Director with Mandiant (a FireEye Company) in Alexandria, Virginia. At Mandiant, Mr. Willis concentrates on application and network security, where he assesses the security of sensitive software and systems through penetration testing, static analysis, and "white box" review. His past experience includes the study of source code analysis tools, security software engineering, computer forensics, network intrusion investigations, research, and tool development. Mr. Willis is the leader of the OWASP Broken Web Applications project, which distributes a virtual machine with known vulnerable web applications for testing and training.

