Russian attack: Live demos of their steps, tools, techniques

Presented at TROOPERS16 (2016), March 17, 2016, 4 p.m. (Unknown duration).

We live-demo (from the attacker's side) many pieces of Russian crimeware that have never been disclosed before, including tools and techniques used to: compromise legitimate sites, inject backdoors, inject malicious code, add botnet features to existing malware, operate a botnet, check antivirus detection rates, and circumvent security scanning. We then cover very effective means of defending against every stage of their kill chain.

Due to the amount of content to cover and the limited time, we won't be covering basics such as what an exploit is, what exploit kits are, what TDSs are, etc. At the same time, because the talk is about understanding their tools, we'll be tracing through some of the source code of those tools.


Presenters:

  • Wayne Huang
    Wayne Huang was Founder and CEO of Armorize Technologies, and is now VP Engineering at Proofpoint. Huang is a frequent speaker at security conferences, including BlackHat '10, DEFCON '10, RSA '07 '10 '14, SyScan '08, '09, OWASP '08, '09, Hacks in Taiwan '06 '07, WWW '03 '04, PHP '07 and DSN '04. A diligent blogger on cyberthreats, his posts have been covered by the most influential media. Into security since 7th grade, he has led teams to develop security products ranging from source code analysis, web application firewall, vulnerability assessment, exploit & malware detection, anti-malvertising, email security, and APT defense. He received his Ph.D. in EE from National Taiwan University, and his B.S. and M.S. in CS from NCTU. He holds two US patents on source code analysis.
  • Sun Huang
    Sun Huang is a Senior Threat Researcher at Proofpoint. He has more than 9 years of experience in information security. Sun has participated in many security contests, and was one of the top 10 researchers in PayPal's 2013 Bug Bounty Wall of Fame. He was also the third-place AT&T bug reporter in 2013.

Links: