Learn, hack!

URL

https://media.blackhat.com/bh-us-10/presentations/Parker/BlackHat-USA-2010-Parker-Finger-Pointing-for-Fun-Profit-and-War-0.2-slides.pdf

File name

BlackHat-USA-2010-Parker-Finger-Pointing-for-Fun-Profit-and-War-0.2-slides.pdf

File size

428.2 KB

MD5

89733ea9cd2bbb7b525991faf72ba048

SHA1

c1f819502d74ef570063f3a73bf012bfa4ebff9e

Recent incidents commonly thought to be linked to state sponsored activities have given rise to much discussion over the reliability of technical analysis as a source for adversary attribution - specifically in regards to what is commonly termed as the Advanced Persistent Threat (or APT). We now live in a world where the reverse engineering of a malicious binary, or analysis of a compromised host may very well play into a world-changing decision, such as whether a country should declare war on another - or indeed, whether it is no longer viable for a large, multinational corporation to continue doing business in a given part of the globe. This talk will discuss in depth the merits and demerits of technical analysis; demonstrating ways in which various techniques including static binary analysis and memory forensics may be utilized to build a granular profile of the adversary, and where the same techniques may fall short. The presentation will discuss detailed characterization matrix that can be leveraged to assess and even automate assessment of multiple aspects of the adversary (such as motive, technical skill, technological research resources) that may all play into the way in which we respond to an incident, or reposition ourselves to handle a specific threat over in long term.