Advanced Persistent Threats <APT>

                     By Chaiyakorn Apiwathanokul, CISSP, CSSLP, GCFA, IRCA:ISMS
                           Chief Executive Officer, S-Generation Co., Ltd.

© 2011 S-Generation Co., Ltd.
Name:          Chaiyakorn Apiwathanokul (ไชยกร อภิวัฒโนกุล)
Title:         Chief Executive Officer
Company:       S-GENERATION Company Limited
               Asia Forensic Hub Company Limited
Certificates:  CISSP, CSSLP, IRCA:ISMS (ISO27001), SANS:GCFA
               chaiyakorna@hotmail.com

• CSO ASEAN Award 2010 by Ministry of Information and Communications and Ministry of Public Security, Vietnam
• Honoree in the Senior Information Security Professional category for the 2010 Asia-Pacific Information Security
  Leadership Achievements (ISLA) by (ISC)2
• Security Sub-commission under Thailand Electronic Transaction Commission (ET Act B.E. 2544)
• Contribute to Thailand Cyber Crime Act B.E.2550
• Workgroup for CA service standard development
• Committee of national standard adoption of ISO27001/ISO27002
• Committee of Thailand Information Security Association (TISA)
• Committee of Cybersecurity workforce development, Division of Skill Development, Ministry of Labour
• Advisor to Department of Special Investigation (DSI)
AGENDA

               1. About APT


               2. Night Dragon Attack


               3. Other case study


               4. Solutions Partnership




New malware growth
                                from Q1 2010 through Q1 2011




Malware Growth


                                Nearly Twenty Million New
                                 Malware Threats in 2010




Malware Development Toolkit




About APT


    APT = Advanced Persistent Threat


    Of the many case studies that have appeared in the news, such as Google, the Night Dragon
    Attack, RSA and the SONY Play Station Network, in which intruders broke in and stole
    important data, experts around the world have concluded that all result from the same kind
    of operation, called an Advanced Persistent Threat or APT, which is complex, uses
    cutting-edge intrusion methods and is hard to detect.

    It is therefore necessary to learn and understand how the problem arises, in order to
    consider and select suitable technology and processes to help manage it.


What is APT?

    • Advanced
          –   All possible available techniques (or new)
          –   Coordinated
          –   Both well-known and UNKNOWN (0-day) vulnerabilities
          –   Multiple phases
    • Persistent
          –   Here to stay
          –   Not by accident (targeted)
          –   Specific mission
          –   Polymorphic (for signature-based evasion)
          –   Dormant(able)
    • Threat
          –   Organized and funded and motivated
          –   Dedicated "crews" with various missions
          –   State-sponsored
          –   Cyberwarfare

    • Highly sophisticated
    • Targeted
    • Steal Information
APT is used for …

       • Political objectives that include continuing to suppress its own
         population in the name of "stability."
       • Economic objectives that rely on stealing intellectual property from
         victims. Such IP can be cloned and sold, studied and underbid in
         competitive dealings, or fused with local research to produce new
         products and services more cheaply than the victims.
       • Technical objectives that further their ability to accomplish their
         mission. These include gaining access to source code for further exploit
         development, or learning how defenses work in order to better evade or
         disrupt them. Most worrying is the thought that intruders could make
         changes to improve their position and weaken the victim.
       • Military objectives that include identifying weaknesses that allow
         inferior military forces to defeat superior military forces. The Report on
         Chinese Government Sponsored Cyber Activities addresses issues like
         these.


Some Characteristics of APT

        • Named in 2008 by US Air Force
        • Became security jargon when Google
          described the attack in 2009
        • Advanced
              – Coordinated
              – Multi-phase
        • High expertise/knowledge/skill in each phase unlikely to be
          in one single individual
        • Highly crafted for specific target organization or individual
        • Period of operation in weeks, months or years
        • Not easy to detect

Some Characteristics of APT

    • Phases of the operation
                • Target selection
                • Vulnerability identification
                • Domain contamination
                • Information ex-filtration
                • Intelligence analysis
                • Exploitation



Some Characteristics of APT

    • Expert advice
          – Defense-in-Depth
          – Multiple layers of protection
          – Multiple compartments




Some facts about APT


        Because APT malware is so difficult to detect,
        simple malware signatures such as MD5
        hashes, filenames, and traditional anti-virus
        methods usually yield a low rate of true
        positives.




Big Challenges in APT are…


        • Detection
        • Analysis
        • Containment




Things to Consider for Resolution

        • Educate users who have access to the
          infrastructure and critical information
        • Evaluate network security posture
        • Work with experts in case of an incident or
          suspicion
        • Automated situational awareness tool
        • Rapid deployment of countermeasures
        • Focus more on detective measures
        • Focus more on what is leaving your network
          (exfiltration)
        • White-listing your environment
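
One way to act on the last three points, as an added example that is not part of the original slides: an egress review that totals outbound bytes per internal host and external destination over a whole window and flags destinations outside an allowlist. The record format, networks, threshold and addresses are all constructed for illustration.

```python
"""Egress review: cumulative outbound volume to destinations off an allowlist.

Every record, network and threshold below is a constructed sample value.
"""
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed flow export: one row per day per (source, destination) pair.
SAMPLE_FLOWS = """\
date,src,dst,bytes_out
2011-03-01,10.0.5.21,192.0.2.10,400000000
2011-03-01,10.0.5.34,203.0.113.77,9000000
2011-03-02,10.0.5.34,203.0.113.77,9000000
2011-03-03,10.0.5.34,203.0.113.77,9000000
2011-03-04,10.0.5.34,203.0.113.77,9000000
2011-03-05,10.0.5.34,203.0.113.77,9000000
2011-03-06,10.0.5.34,203.0.113.77,9000000
2011-03-07,10.0.5.34,203.0.113.77,9000000
2011-03-03,10.0.5.34,10.0.9.2,700000000
2011-03-04,10.0.7.8,198.51.100.5,1200000
2011-03-05,10.0.7.8,198.51.100.200,80000000
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")            # assumed internal range
ALLOWED_DESTINATIONS = [                                  # assumed allowlist
    ipaddress.ip_network("192.0.2.0/24"),                 # e.g. a known partner
]
THRESHOLD_BYTES = 50_000_000                              # per pair, per window


def is_allowed(dst):
    """True when the destination falls inside an allowlisted network."""
    return any(dst in net for net in ALLOWED_DESTINATIONS)


def review_egress(flow_csv, threshold=THRESHOLD_BYTES):
    """Return flagged (src, dst) pairs, largest cumulative volume first.

    Totals are kept for the whole window, so a transfer split into many
    small daily pieces is still counted as one stream of data leaving.
    """
    totals = defaultdict(lambda: {"bytes": 0, "days": set(), "largest": 0})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        if src not in INTERNAL or dst in INTERNAL:
            continue                      # only internal -> external traffic
        if is_allowed(dst):
            continue                      # expected business destination
        sent = int(row["bytes_out"])
        entry = totals[(str(src), str(dst))]
        entry["bytes"] += sent
        entry["days"].add(row["date"])
        entry["largest"] = max(entry["largest"], sent)

    findings = [
        {
            "src": src,
            "dst": dst,
            "total_bytes": entry["bytes"],
            "active_days": len(entry["days"]),
            "largest_flow": entry["largest"],
        }
        for (src, dst), entry in totals.items()
        if entry["bytes"] >= threshold
    ]
    findings.sort(key=lambda f: f["total_bytes"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in review_egress(SAMPLE_FLOWS):
        print(
            f"{f['src']} -> {f['dst']}: {f['total_bytes']} bytes over "
            f"{f['active_days']} day(s), largest single flow {f['largest_flow']}"
        )
```

In the sample, the host sending 9 MB a day for seven days is flagged even though no single record comes near the threshold, which a per-flow size alert would miss.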
Case Studies

        • Night Dragon
        • Ghost Net
          (Electronic Spy Network Focused on Dalai
          Lama and Embassy Computers)
        • Aurora
          (China vs. Google)
        • NASDAQ
        • RSA
        • Stuxnet
        • Sony Play Station Network (PSN)
Night Dragon Attack
                         “Night Dragon”
            attacks from China strike energy companies

       • Exxon Mobil, Royal Dutch Shell and BP were
         among the oil companies targeted
       • The intrusions targeted intellectual property and
         have been going on for as long as 2-4 years
       • The oil, gas and petrochemical companies
         targeted were hit with technical attacks on their
         public-facing Web sites.
       • It happens during 9am-5pm local Beijing time.

Operation Aurora

        • China vs. Google
        • politically motivated attacks against Gmail
          from China
        • Censorship
        • Government Eavesdropping/Privacy
        • Backdoor
        • zero-day flaw in Internet Explorer


Spear-Phishing




STUXNET

        • Discovered late June 2010
        • A computer worm that infects Windows computers
        • It primarily spreads via USB sticks, which allows it to
          get into computers and networks not normally
          connected to the Internet
        • Uses both known and patched vulnerabilities, and four
          "zero-day exploits"
        • Targets Siemens PLCs
        • Reads and changes particular bits of data in the PLCs
        • It is claimed to target an Iranian power plant

What happened with Sony PlayStation …




RSA’s SecurID Security Breach!




   RSA has not yet divulged specifics about the APT attack of which it
   has found evidence and says it's now interacting with customers of
   its SecurID product on the situation.

   But security analysts are also quickly trying to size up the situation,
   advising their clientele who are RSA customers about a stance they
   might take.
http://www.pcworld.com/businesscenter/article/222554/rsas_securid_security_breach_what_should_you_do.html#tk.mod_rel

RSA’s SecurID Security Breach!


  A Microsoft Excel file (“2011 Recruitment plan.xls”) is used to
  distribute a malicious SWF file via email to specific users at RSA.
  (Perhaps other specific targets as well, an approach known as “spear
  phishing.”) The malicious SWF file installs a customized variant of the
  Poison Ivy remote administration tool (RAT) on the compromised
  machine. (Using a customized variant makes signature-based
  malware detection of the RAT ineffective; see FireEye Malware
  analysis of a.exe.) Using the RAT, users’ credentials are harvested
  and used to access other machines within the RSA network. These
  other machines are searched, and sensitive information is copied and
  transferred to external servers.

RSA Breached

     • 2011 Recruitment plan.xls with malicious .swf file embedded
     • Spear phishing
     • Customized variant of Poison Ivy remote administration tool (RAT)
     • March 14, 2011 - Adobe issues security advisory and patch
       schedule, warning of a vulnerability (APSA11-01, CVE-2011-0609,
       SecurityFocus BID 46860)
     • March 16, 2011 - Microsoft adds Exploit:SWF/CVE-2011-0609
       detection for malicious SWF file.
     • March 17, 2011 - RSA warns SecurID customers after company is
       hacked, offers guidance.


Many Other Cases

        • Night Dragon
        • Ghost Net
            (Electronic Spy Network Focused on Dalai Lama and Embassy Computers)

        • Aurora
            (China vs. Google)

        •   NASDAQ
        •   RSA
        •   Stuxnet
        •   Sony Play Station Network (PSN)
About S-Generation

                           “The Trusted Partner …
                    to Conquer Advanced Digital Threats”

    •   Cybersecurity Solutions Distribution in Thailand and ASEAN
    •   Advanced Persistent Threats Solution
    •   Mobile Security Solution
    •   Application Security Solution
    •   Information Security Consultancy
    •   Incident Response, Recovery & Investigation
    •   Industrial Control System Security
        (SCADA/DCS/BAS/Embedded)

About S-Generation




Welcome to S-Generation Channel on YouTube

              http://www.youtube.com/user/SGenerationChannel




About AFH


             Product

             Professional Service
                                • Planning session (Plan of Action)
                                • On-Site Support
                                • Document & File Discovery
                                • Preservation of Evidence
                                • Data Recovery & Analysis
                                • Expert Reporting
                                • Post-investigation Reports with Recommendations
                                • Digital Media Sanitization
Thank You

Aec 2015 make thinkdifference_k.suphajee_tisa pro talk 4-2554TISA
 
Social and mobile tisa protalk 2 2554
Social and mobile tisa protalk 2 2554Social and mobile tisa protalk 2 2554
Social and mobile tisa protalk 2 2554TISA
 
Prinya acis slide for swpark - it & information security human resource deve...
Prinya acis slide for swpark  - it & information security human resource deve...Prinya acis slide for swpark  - it & information security human resource deve...
Prinya acis slide for swpark - it & information security human resource deve...TISA
 
Top 5 myths of it security in the light of current events tisa pro talk 4 2554
Top 5 myths of it security in the light of current events tisa pro talk 4 2554Top 5 myths of it security in the light of current events tisa pro talk 4 2554
Top 5 myths of it security in the light of current events tisa pro talk 4 2554TISA
 
Human capital in it security TISA Pro-Talk_4-2554
Human capital in it security TISA Pro-Talk_4-2554Human capital in it security TISA Pro-Talk_4-2554
Human capital in it security TISA Pro-Talk_4-2554TISA
 
Afta and labour article 14 tisa pro talk 4-2554
Afta and labour article 14 tisa pro talk 4-2554Afta and labour article 14 tisa pro talk 4-2554
Afta and labour article 14 tisa pro talk 4-2554TISA
 
Final Agenda_TISA Pro-Talk_3-2554
Final Agenda_TISA Pro-Talk_3-2554Final Agenda_TISA Pro-Talk_3-2554
Final Agenda_TISA Pro-Talk_3-2554TISA
 
TISA Pro-Talk_1-2554-Dr. rom_personnel standards
TISA Pro-Talk_1-2554-Dr. rom_personnel standardsTISA Pro-Talk_1-2554-Dr. rom_personnel standards
TISA Pro-Talk_1-2554-Dr. rom_personnel standardsTISA
 
TISA Pro-Talk_1-2554-chaiya_korn_หัวข้อ มาตรา 25 and critical infra
TISA Pro-Talk_1-2554-chaiya_korn_หัวข้อ มาตรา 25 and critical infraTISA Pro-Talk_1-2554-chaiya_korn_หัวข้อ มาตรา 25 and critical infra
TISA Pro-Talk_1-2554-chaiya_korn_หัวข้อ มาตรา 25 and critical infraTISA
 
TISA Pro-Talk_1-2554-K.Sommai_pci-dss
TISA Pro-Talk_1-2554-K.Sommai_pci-dssTISA Pro-Talk_1-2554-K.Sommai_pci-dss
TISA Pro-Talk_1-2554-K.Sommai_pci-dssTISA
 
TISA MC_TISA_Pro-Talk_1-2554
TISA MC_TISA_Pro-Talk_1-2554TISA MC_TISA_Pro-Talk_1-2554
TISA MC_TISA_Pro-Talk_1-2554TISA
 

More from TISA (11)

Aec 2015 make thinkdifference_k.suphajee_tisa pro talk 4-2554
Aec 2015 make thinkdifference_k.suphajee_tisa pro talk 4-2554Aec 2015 make thinkdifference_k.suphajee_tisa pro talk 4-2554
Aec 2015 make thinkdifference_k.suphajee_tisa pro talk 4-2554
 
Social and mobile tisa protalk 2 2554
Social and mobile tisa protalk 2 2554Social and mobile tisa protalk 2 2554
Social and mobile tisa protalk 2 2554
 
Prinya acis slide for swpark - it & information security human resource deve...
Prinya acis slide for swpark  - it & information security human resource deve...Prinya acis slide for swpark  - it & information security human resource deve...
Prinya acis slide for swpark - it & information security human resource deve...
 
Top 5 myths of it security in the light of current events tisa pro talk 4 2554
Top 5 myths of it security in the light of current events tisa pro talk 4 2554Top 5 myths of it security in the light of current events tisa pro talk 4 2554
Top 5 myths of it security in the light of current events tisa pro talk 4 2554
 
Human capital in it security TISA Pro-Talk_4-2554
Human capital in it security TISA Pro-Talk_4-2554Human capital in it security TISA Pro-Talk_4-2554
Human capital in it security TISA Pro-Talk_4-2554
 
Afta and labour article 14 tisa pro talk 4-2554
Afta and labour article 14 tisa pro talk 4-2554Afta and labour article 14 tisa pro talk 4-2554
Afta and labour article 14 tisa pro talk 4-2554
 
Final Agenda_TISA Pro-Talk_3-2554
Final Agenda_TISA Pro-Talk_3-2554Final Agenda_TISA Pro-Talk_3-2554
Final Agenda_TISA Pro-Talk_3-2554
 
TISA Pro-Talk_1-2554-Dr. rom_personnel standards
TISA Pro-Talk_1-2554-Dr. rom_personnel standardsTISA Pro-Talk_1-2554-Dr. rom_personnel standards
TISA Pro-Talk_1-2554-Dr. rom_personnel standards
 
TISA Pro-Talk_1-2554-chaiya_korn_หัวข้อ มาตรา 25 and critical infra
TISA Pro-Talk_1-2554-chaiya_korn_หัวข้อ มาตรา 25 and critical infraTISA Pro-Talk_1-2554-chaiya_korn_หัวข้อ มาตรา 25 and critical infra
TISA Pro-Talk_1-2554-chaiya_korn_หัวข้อ มาตรา 25 and critical infra
 
TISA Pro-Talk_1-2554-K.Sommai_pci-dss
TISA Pro-Talk_1-2554-K.Sommai_pci-dssTISA Pro-Talk_1-2554-K.Sommai_pci-dss
TISA Pro-Talk_1-2554-K.Sommai_pci-dss
 
TISA MC_TISA_Pro-Talk_1-2554
TISA MC_TISA_Pro-Talk_1-2554TISA MC_TISA_Pro-Talk_1-2554
TISA MC_TISA_Pro-Talk_1-2554
 

Recently uploaded

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 

Recently uploaded (20)

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 

Apt sharing tisa protalk 2-2554

  • 1. Advanced Persistent Threats <APT> by ไชยกร อภิวัฒโนกุล (Chaiyakorn Apiwathanokul), CISSP, CSSLP, GCFA, IRCA:ISMS, Chief Executive Officer, S-Generation Co., Ltd. © 2011 S-Generation Co., Ltd.
  • 2. Name: Chaiyakorn Apiwathanokul (ไชยกร อภิวัฒโนกุล) Title: Chief Executive Officer Company: S-GENERATION Company Limited; Asia Forensic Hub Company Limited Certificates: CISSP, CSSLP, IRCA:ISMS (ISO27001), SANS:GCFA • CSO ASEAN Award 2010 by Ministry of Information and Communications and Ministry of Public Security, Vietnam • Honoree in the Senior Information Security Professional category for the 2010 Asia-Pacific Information Security Leadership Achievements (ISLA) by (ISC)2 • Security Sub-commission under Thailand Electronic Transaction Commission (ET Act B.E. 2544) • Contributed to Thailand Cyber Crime Act B.E. 2550 • Workgroup for CA service standard development • Committee of national standard adoption of ISO27001/ISO27002 • Committee of Thailand Information Security Association (TISA) • Committee of Cybersecurity workforce development, Division of Skill Development, Ministry of Labour • Advisor to Department of Special Investigation (DSI) • Contact: chaiyakorna@hotmail.com
  • 3. AGENDA 1. About APT 2. Night Dragon Attack 3. Other case studies 4. Solutions Partnership
  • 4. New malware growth from Q1 2010 through Q1 2011
  • 5. Malware Growth: Nearly Twenty Million New Malware Threats in 2010
  • 6. Malware Development Toolkit
  • 7. About APT APT = Advanced Persistent Threat. In the many case studies that have appeared in the news, such as Google, the Night Dragon Attack, RSA and the SONY Play Station Network, intruders broke in and stole important data. Experts around the world have concluded that these incidents result from the same kind of operation, called an Advanced Persistent Threat or APT, which is sophisticated and uses cutting-edge intrusion methods that are hard to detect. It is therefore necessary to learn and understand how the problem arises, in order to consider and select appropriate technology and processes to help manage it.
  • 8. What is APT? • Advanced – All possible available techniques (or new) – Coordinated – Both well-known and UNKNOWN (0-day) vulnerabilities – Multiple phases • Persistent – Here to stay – Not by accident (targeted) – Specific mission – Polymorphic (for signature-based evasion) – Dormant(able) • Threat – Organized and funded and motivated • Highly sophisticated – dedicated "crews" with various missions • Targeted – State-sponsored – Cyberwarfare • Steal Information
  • 9. APT is used for … • Political objectives that include continuing to suppress its own population in the name of "stability." • Economic objectives that rely on stealing intellectual property from victims. Such IP can be cloned and sold, studied and underbid in competitive dealings, or fused with local research to produce new products and services more cheaply than the victims. • Technical objectives that further their ability to accomplish their mission. These include gaining access to source code for further exploit development, or learning how defenses work in order to better evade or disrupt them. Most worrying is the thought that intruders could make changes to improve their position and weaken the victim. • Military objectives that include identifying weaknesses that allow inferior military forces to defeat superior military forces. The Report on Chinese Government Sponsored Cyber Activities addresses issues like these.
  • 10. Some Characteristics of APT • Named in 2008 by US Air Force • Used as security jargon when Google described the attack in 2009 • Advanced – Coordinated – Multi-phase • High expertise/knowledge/skill in each phase, unlikely to be in one single individual • Highly crafted for a specific target organization or individual • Period of operation in weeks, months or years • Not easy to detect
  • 11. Some Characteristics of APT • Phases of the operation • Target selection • Vulnerability identification • Domain contamination • Information exfiltration • Intelligence analysis • Exploitation
  • 12. Some Characteristics of APT • Expert advice – Defense-in-Depth – Multiple layers of protection – Multiple compartments
  • 13. Some facts about APT Because APT malware is so difficult to detect, simple malware signatures such as MD5 hashes, filenames, and traditional anti-virus methods usually yield a low rate of true positives.
  • 14. Big Challenges in APT are… • Detection • Analysis • Containment
  • 15. Things to Consider for Resolution • Educate users who have access to the infrastructure and critical information • Evaluate network security posture • Work with experts in case of an incident or a suspected incident • Automated situational awareness tool • Rapid deployment of countermeasures • Focus more on detective measures • Focus more on what is leaving your network (exfiltration) • White-listing your environment
  • 16. Case Studies • Night Dragon • Ghost Net (Electronic Spy Network Focused on Dalai Lama and Embassy Computers) • Aurora (China vs. Google) • NASDAQ • RSA • Stuxnet • Sony Play Station Network (PSN)
  • 17. Night Dragon Attack “Night Dragon” attacks from China strike energy companies • Exxon Mobil, Royal Dutch Shell and BP were among the oil companies targeted • The intrusions targeted intellectual property and have been going on for as long as 2-4 years • The oil, gas and petrochemical companies targeted were hit with technical attacks on their public-facing Web sites. • The activity happens during 9am-5pm local Beijing time.
  • 19. Operation Aurora • China vs. Google • Politically motivated attacks against Gmail from China • Censorship • Government Eavesdropping/Privacy • Backdoor • Zero-day flaw in Internet Explorer
  • 21. STUXNET • Discovered late June 2010 • A computer worm that infects Windows computers • It primarily spreads via USB sticks, which allows it to get into computers and networks not normally connected to the Internet • Uses both known and patched vulnerabilities, and four "zero-day exploits" • Targets Siemens PLCs • Reads and changes particular bits of data in the PLCs • It is claimed to target an Iranian power plant
  • 22. What happened with Sony PlayStation …
  • 23. RSA’s SecurID Security Breach! RSA has not yet divulged specifics about the APT attack of which it has found evidence and says it's now interacting with customers of its SecurID product on the situation. But security analysts are also quickly trying to size up the situation, advising their clientele who are RSA customers about a stance they might take. http://www.pcworld.com/businesscenter/article/222554/rsas_securid_security_breach_what_should_you_do.html#tk.mod_rel
  • 24. RSA’s SecurID Security Breach! Microsoft Excel is used to distribute a malicious SWF file (“2011 Recruitment plan.xls”) via email to specific users at RSA. (Perhaps other specific targets as well, an approach known as “spear phishing.”) The malicious SWF file installs a customized variant of the Poison Ivy remote administration tool (RAT) on the compromised machine. (Using a customized variant makes signature-based malware detection of the RAT ineffective; see FireEye Malware analysis of a.exe.) Using the RAT, users’ credentials are harvested and used to access other machines within the RSA network. These other machines are searched, and sensitive information is copied and transferred to external servers.
  • 25. RSA Breached • 2011 Recruitment plan.xls with malicious .swf file embedded • Spear phishing • Customized variant of the Poison Ivy remote administration tool (RAT) • March 14, 2011 - Adobe issues security advisory and patch schedule, warning of a vulnerability (APSA11-01, CVE-2011-0609, SecurityFocus BID 46860) • March 16, 2011 - Microsoft adds Exploit:SWF/CVE-2011-0609 detection for malicious SWF file. • March 17, 2011 - RSA warns SecurID customers after company is hacked, offers guidance.
  • 26. Many Other Cases • Night Dragon • Ghost Net (Electronic Spy Network Focused on Dalai Lama and Embassy Computers) • Aurora (China vs. Google) • NASDAQ • RSA • Stuxnet • Sony Play Station Network (PSN)
  • 27. About S-Generation “The Trusted Partner … to Conquer Advanced Digital Threats” • Cybersecurity Solutions Distribution in Thailand and ASEAN • Advanced Persistent Threats Solution • Mobile Security Solution • Application Security Solution • Information Security Consultancy • Incident Response, Recovery & Investigation • Industrial Control System Security (SCADA/DCS/BAS/Embedded)
  • 28. About S-Generation
  • 29. Welcome to S-Generation Channel on YouTube http://www.youtube.com/user/SGenerationChannel
  • 30. About AFH Product • Planning session (Plan of Action) • On-Site Support Professional • Document & File Discovery Service • Preservation of Evidence • Data Recovery & Analysis • Expert Reporting • Post-investigation Reports with Recommendations • Digital Media Sanitization CONFIDENTIAL TO AFH & PTTICT
  • 31. Thank You
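
Slides 13 and 24 note that exact-match signatures such as MD5 hashes miss a customized variant, and slide 15 recommends white-listing and watching what leaves the network. The Python sketch below is an added illustration of those three points, not part of the original deck; the sample bytes, host names, addresses, flow records and the 50 MiB threshold are all constructed assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed stand-ins for file contents (plain strings, not real samples).
KNOWN_SAMPLE = b"constructed sample A, build 1"
CUSTOM_VARIANT = b"constructed sample A, build 2"  # same tool, a few bytes changed
APPROVED_TOOL = b"constructed sample B, approved spreadsheet viewer"


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Signature approach (slide 13): block only what has been seen before.
BLOCKLIST_MD5 = {md5_hex(KNOWN_SAMPLE)}
# White-listing approach (slide 15): run only what has been approved.
ALLOWLIST_SHA256 = {sha256_hex(APPROVED_TOOL)}


def blocklist_verdict(data: bytes) -> str:
    """Exact-hash signature: any byte change yields a new hash and a miss."""
    return "block" if md5_hex(data) in BLOCKLIST_MD5 else "allow"


def allowlist_verdict(data: bytes) -> str:
    """Allowlist: unknown code is blocked whether or not a signature exists."""
    return "allow" if sha256_hex(data) in ALLOWLIST_SHA256 else "block"


# Constructed egress flow records: time, internal source, destination, bytes out.
FLOWS = """\
2011-04-01T10:02:11 10.1.4.23 mail.corp.example 48211
2011-04-01T10:05:40 10.1.4.23 203.0.113.50 31457280
2011-04-01T10:09:02 10.1.7.8 updates.vendor.example 1048576
2011-04-01T10:15:27 10.1.4.23 203.0.113.50 41943040
2011-04-01T10:20:00 10.1.9.2 198.51.100.7 2048
malformed line
"""
ALLOWED_DESTINATIONS = {"mail.corp.example", "updates.vendor.example"}
EGRESS_THRESHOLD = 50 * 1024 * 1024  # assumed policy: 50 MiB per source/destination


def flag_egress(flows_text, allowed, threshold):
    """Sum outbound bytes per (source, destination) for destinations that are
    not on the allowlist and return the pairs at or above the threshold."""
    totals = defaultdict(int)
    for line in flows_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records instead of failing the whole run
        _timestamp, src, dst, sent = parts
        if dst in allowed:
            continue
        try:
            totals[(src, dst)] += int(sent)
        except ValueError:
            continue  # byte count was not a number
    return sorted(
        (src, dst, total)
        for (src, dst), total in totals.items()
        if total >= threshold
    )


if __name__ == "__main__":
    for name, data in (("known sample", KNOWN_SAMPLE),
                       ("custom variant", CUSTOM_VARIANT),
                       ("approved tool", APPROVED_TOOL)):
        print(f"{name:15} blocklist={blocklist_verdict(data):5} "
              f"allowlist={allowlist_verdict(data)}")
    for src, dst, total in flag_egress(FLOWS, ALLOWED_DESTINATIONS, EGRESS_THRESHOLD):
        print(f"review: {src} sent {total} bytes to unlisted destination {dst}")
```

The variant passes the hash blocklist but fails the allowlist, and the two transfers to the same unlisted destination are only flagged once they are summed, which is why per-flow thresholds alone are not enough.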