Making Attacks Go Backwards

Presented at ToorCon San Diego 15 (2013), Oct. 20, 2013, 12:30 p.m. (20 minutes)

Imagine a pentest where there is no scope, no time restraints, and no budget. How would you do it? Would you write your own tools? Would you get detected? And if you did would they know what you stole and what was owned? As time went on, would you get lazy? It sounds like a dream gig for most pentesters out there and lucky for some threat actors, this is the 9 to 5 job. By now I shouldn't have to mention the advanced persistent buzzword for you to know what I'm are talking about. Targeted threat actors are people too, they make mistakes, their judgement is bad sometimes, they get lazy, and sometimes their skills are bad and they should feel bad. In this talk we will cover how attacker tactics can leave behind obvious evidence, how their tools can be identified and analyzed quickly, and how the human side of every attacker can lead to some great lulz. Attendees should leave armed with a variety of examples from the trenches of incident response and malware analysis that will give them an edge against the less advanced of advanced attackers. Key takeaways will include tips and tricks for identifying and reverse engineering malware and utilities used in targeted attacks as well as the forensic evidence they leave behind.


  • Josh Schwartz / FuzzyNop as FuzzyNop
    FuzzyNop is a computer who knows how to computer. As a child his computers always told him he should do computers. At his day job he's a penetration tester, reverse engineer, and incident responder, but above all elseā€¦ computer.