A deep look into a Chinese advanced attack. Understand it, learn from it and how to detect and defend against attacks like this.

Presented at BSidesDC 2015, Oct. 18, 2015, 10:30 a.m. (50 minutes).

Many say the Chinese are behind many attacks on US companies. In this case, it is true. The Chinese have been successfully attacking this industry for years. We managed to detect and eradicate their attacks year after year and they up their game each time. The latest attack is more sophisticated and avoided many techniques we used to detect them in the past, but not all. What if I were to tell you that I could infect your management, backup and Anti-Virus software and use it to persist my malware on reboot? This talk will describe what the malware did, how it works, where it hides, how it persisted and how we detected it. We must learn from and understand advanced attacks to better defend ourselves from these persistent adversaries. This talk will discuss what tools worked and why as well as walk you through what the malware did in detail.


Presenters:

  • Michael Gough - Founder at Malware Archaeology
    Michael, is a Malware Archaeologist, Information Security professional, blue team defender and logoholic. Michael developed the “Malware Management Framework” to improve malware discovery and detect and response capabilities. Michael also authored the “Windows Logging Cheat Sheet” to help the security industry understand Windows logging, where to start and what to look for. Michael’s responsible disclosures involve cardkey system exploits and vulnerabilities with leading security products. Michael has also Michael’s background includes 20 years of security consulting for Fortune 500 organizations with HP, health care, financial and gaming industries. Michael also ran BSides Texas for five years for the Austin, San Antonio, Dallas and Houston cons. Now Michael defends against malefactors and ne’er-do-weller’s trying to p0wn their employer’s assets.

Links:

Similar Presentations: