Targeted attacks: from being a victim to counter attacking

Type: Slides
Tags: browser, exploiting, malware, malware analysis
Authors: Andrzej Dereszowski
Event: Black Hat EU 2010
Indexed on: Mar 26, 2013
URL: https://media.blackhat.com/bh-eu-10/presentations/Dereszowski/BlackHat-EU-2010-Dereszowski-Targeted-Attacks-slides.pdf
File name: BlackHat-EU-2010-Dereszowski-Targeted-Attacks-slides.pdf
File size: 1.4 MB
MD5: c65ed3b9f1b180f7cd4dbf09943cece2
SHA1: c30e468d8ef52ab843db4cec3c83ffd0cb1739b7

This presentation analyzes a common kind of targeted attack performed nowadays against many organizations. As it turns out, publicly available remote access tools (RATs, which we usually call trojans) are frequently used to maintain control over the victim after a successful penetration. The presentation and the white paper do not focus on the particular exploitation techniques used in these attacks. Instead, they take a closer look at one of the most popular remote access trojans. The presentation describes a way to figure out which particular trojan has been used. It shows the architecture, capabilities and techniques employed by the developers of the identified trojan, including mechanisms to hide its presence in the system and to cover its network trace. It covers the tools and techniques used to perform this analysis. Finally, it presents a vulnerability analysis and a proof-of-concept exploit to show that the intruders could themselves become the target of an attack.
