Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers

•Transferir como PPTX, PDF•

7 gostaram•2,375 visualizações

This short 45 minutes presentation is aimed at ICS/SCADA and general IT engineers who want to understand basic concepts related to the much discussed threat that is APT. The audience is first introduced to the concepts, who employs APTs before going into how they manifest before finally closing out with mitigation and defense strategies.

Tecnologia

APT for Engineers
IET - Cyber Security for Critical Infrastructure
Ollie Whitehouse, Technical Director

Agenda
APT: definition
APT: manifestation and implementation
APT: mitigation, detection and remediation
Conclusions
2

4
Advanced: i.e. not basic
Persistent: i.e. not non-persistent
Threat: i.e. backdoor, remote access,
retained control, root kit etc.
APT: definition

6
Intelligence agenciesOrganised criminals

8
APT: manifestation
http://cyber.lockheedmartin.com/cyber-kill-chain-lockheed-martin-poster https://nigesecurityguy.wordpress.com/2013/06/04/defensible-security-posture/

9
APT: manifestation - key functions
Command
&
Control
(C2)
Persistence
Security &
Defence
Functionality &
Maintenance

10
Ensures remote and desired level of access
Persistent but minimizes forensic artefacts
Minimizes likelihood of detection
Frustrates analysis
Modular, upgradable and versatile
APT: manifestation - goals

11
December 2014 NCC Group dealt with the compromise of
REDACTED who had been compromised by Shell Crew
http://www.emc.com/collateral/white-papers/h12756-wp-shell-
crew.pdf
This actor uses the Derusbi trojan family to maintain access which
supports a form of port-knocking.
APT: manifestation

15
A program (i.e. on Windows, Mac OS X, Linux, iOS/Android etc.)
A kernel driver (i.e. on Windows, Mac OS X, Linux etc.)
A non-persistent patch to existing code (anything)
A malicious firmware (embedded devices)
APT: implementation

16
Summer 2014 NCC Group detect a malicious RTF (document)
containing the Havex RAT
We then developed signatures and detected numerous trojaned ICS /
SCADA tools in malware zoos
Actor has been compromising ICS / SCADA tool vendor web sites,
trojaning legitimate binaries with havex and waiting for downloads
APT: manifestation
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2014/june/extracting-the-payload-from-a-cve-2014-1761-rtf-document/

17
APT: manifestation
http://cyber.lockheedmartin.com/cyber-kill-chain-lockheed-martin-poster https://nigesecurityguy.wordpress.com/2013/06/04/defensible-security-posture/

29
Software stacks are today very complex
Re-writable software is everywhere
Cryptographic code signing etc. is not
APT: manifestation - reality

31
Known knowns = Indicators of Compromise (IOCs)
IOCs = signatures for network traffic or files
APT: detection – known knowns

32
Monitoring and measurement
network
OS
device
Anomaly detection and investigation
using monitoring and measurement
APT: detection – unknown unknowns

34
observe – from the network or on host
identify – the program code
extract – from the host / device
analyse – statically / dynamically
APT: analysis

36
APT: mitigation – 2002 proposal
https://en.wikipedia.org/wiki/Next-Generation_Secure_Computing_Base

37
APT: mitigation - TPMs
https://en.wikipedia.org/wiki/Trusted_Platform_Module

38
APT: mitigation – UEFI Secure Boot
http://answers.microsoft.com/en-us/windows/forum/windows8_1-security/uefi-secure-boot-in-windows-81/65d74e19-9572-4a91-85aa-57fa783f0759?auth=1

39
APT: mitigation – UEFI Secure Boot
http://answers.microsoft.com/en-us/windows/forum/windows8_1-security/uefi-secure-boot-in-windows-81/65d74e19-9572-4a91-85aa-57fa783f0759?auth=1

40
APT: mitigation – UEFI Secure Boot
http://answers.microsoft.com/en-us/windows/forum/windows8_1-security/uefi-secure-boot-in-windows-81/65d74e19-9572-4a91-85aa-57fa783f0759?auth=1

41
Once we have an OS* we trust
.. we can do things like
hypervisor level malicious code scanning
early launch malware detection (Windows)
APT: mitigation
* caveat is now hardware with DMA access and if IOMMUs are used or if data/code in RAM
is otherwise protected from manipulation

43
persistent element:
encrypted to host
not persistent until shutdown
persisted via secondary host
command and control
adding to legitimate network connections
APT: putting the advanced in APT

45
Europe
Manchester - Head Ofﬁce
Amsterdam
Cambridge
Copenhagen
Cheltenham
Edinburgh
Glasgow
Leatherhead
London
Luxembourg
Munich
Zurich
Australia
Sydney
North America
Atlanta
Austin
Chicago
New York
San Francisco
Seattle
Sunnyvale
Ollie Whitehouse
ollie.whitehouse@nccgroup.trust

Mais conteúdo relacionado

Mais procurados

Advanced Persistent Threat: come muoversi tra il marketing e la realtà?

festival ICT 2016

RSA Anatomy of an Attack

integritysolutions

Advanced persistent threat (apt)

mmubashirkhan

Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...

RootedCON

Corporate threat vector and landscape

yohansurya2

Apt sharing tisa protalk 2-2554

TISA

How secure are your systems

City Unrulyversity

Advanced Persistent Threats (APTs) - Information Security Management

Mayur Nanotkar

While a lot of attention is devoted to the mitigation of previously unknown attack methods ("0 days"), many of today's high-profile breaches are caused by "Known Vulnerabilities" in the application's components, also referred to as "vulnerabilities in third-party components." Attackers are quickly moving to exploit applications built with vulnerable components and are inflicting serious data loss and/or hijacking entire servers in the process. The rising popularity of third-party components in application development enables attackers to quickly and repeatedly locate and exploit vulnerabilities in application components - making these attacks widespread and extremely hazardous. This presentation will: (1) explore the recent growth of "Known Vulnerabilities" and examine the scope of the problem (2) examine how attackers are able to quickly "weaponize" these vulnerabilities for immediate profit (3) reveal techniques for limiting the damage resulting from "Known Vulnerabilities" exploitation.

Hiding in Plain Sight: The Danger of Known Vulnerabilities

Imperva

Kill Chain Model for Use Cases Assist in Incident Response 1- Situational Awareness Outbound Protocols Outbound protocols by size Top destination Countries Top destination Countries by size 2- Reconnaissance Port scan activity ICMP query 3- Weaponization and Delivery Injection Cross Site Scripting Cross Site Request Forgery Failure to Restrict URL Downloaded binaries Top email subjects Domains mismatching Malicious or anomalous Office/Java/Adobe files Suspicious Web pages (iframe + [pdf|html|js])

Incident Response: Validation, Containment & Forensics

Priyanka Aash

Yehia Mamdouh @ DTS Solution - The Gentleman Thief

Shah Sheikh

Vulnerability assessment & Penetration testing Basics

Mohammed Adam

ION-E Defense In Depth Presentation for The Institiute of Internal Auditors

mdagrossa

Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware

Shah Sheikh

How to assign a CVE to yourself?

Ramin Farajpour Cami

The Golden Rules - Detecting more with RSA Security Analytics

Demetrio Milea

Analysis of RSA Lockheed Martin Attack

Gavin Davey

Hunting The Shadows: In Depth Analysis of Escalated APT Attacks

F _

Ethical hacking

Saqib Raza

The paper covers honeypot (and honeynet) basics and definitions and then outlines important implementation and setup guidelines. It also describes some of the security lessons a company can derive from running a honeypot, based on the author experience running a research honeypot. The article also provides insights on techniques of the attackers and concludes with considerations useful for answering the question “Should your organization deploy a honeynet?”

Honeypot Essentials

Anton Chuvakin

Mais procurados (20)

Advanced Persistent Threat: come muoversi tra il marketing e la realtà?

RSA Anatomy of an Attack

Advanced persistent threat (apt)

Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...

Corporate threat vector and landscape

Apt sharing tisa protalk 2-2554

How secure are your systems

Advanced Persistent Threats (APTs) - Information Security Management

Hiding in Plain Sight: The Danger of Known Vulnerabilities

Incident Response: Validation, Containment & Forensics

Yehia Mamdouh @ DTS Solution - The Gentleman Thief

Vulnerability assessment & Penetration testing Basics

ION-E Defense In Depth Presentation for The Institiute of Internal Auditors

Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware

How to assign a CVE to yourself?

The Golden Rules - Detecting more with RSA Security Analytics

Analysis of RSA Lockheed Martin Attack

Hunting The Shadows: In Depth Analysis of Escalated APT Attacks

Ethical hacking

Honeypot Essentials

Destaque

Monty McDougal, Cyber Engineering Fellow, Intelligence, Information and Services, Raytheon Advanced Persistent Threat Life Cycle Management This presentation will cover the full Advanced Persistent Threat (APT) Life Cycle and Management of the resulting intrusions. It will cover both what the APTs are doing as attackers and what we as defenders should be doing for both the APT Mission Flows and the Computer Network Defense (CND) Mission Flows.

NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...

North Texas Chapter of the ISSA

Private sector cyber resilience and the role of data diodes

Ollie Whitehouse

APT 28 :Cyber Espionage and the Russian Government?

anupriti

DamballaOverview

David C. Petty

Secure App Aspirations: Why it is very difficult in the real world

Ollie Whitehouse

Threat Intelligence - Routes to a Proactive Capability

Ollie Whitehouse

From Problem to Solution: Enumerating Windows Firewall-Hook Drivers

Ollie Whitehouse

Designing and building post compromise recoverable services

Ollie Whitehouse

Agile software security assurance

Ollie Whitehouse

Smart grid in the Critical National Infrastructure

Ollie Whitehouse

Why defensive research is sexy too.. … and a real sign of skill

Ollie Whitehouse

NCC Group C Suite Cyber Security Advisory Services

Ollie Whitehouse

Finding The Weak Link in Windows Binaries

Ollie Whitehouse

Securing your supply chain & vicarious liability (cyber security)

Ollie Whitehouse

Countering the Cyber Threat

Ollie Whitehouse

Red Teaming and the Supply Chain

Ollie Whitehouse

Assuring the Security of the Supply Chain - Designing best practices for cybe...

Ollie Whitehouse

NCC Group Pro-active Breach Discovery: Network Threat Assessment

Ollie Whitehouse

Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP

Michael Coates

This talk briefly discusses strategies and methodologies than can be employed when assessing IoT devices. We look at how to develop credible threat scenarios for different IoT device and systems, perform static and dynamic attack surface mapping, perform static firmware analysis, perform static hardware analysis, undertake a dynamic device security analysis, sources of supporting information, supporting capability requirements and establishment, Execution of dynamic device analysis and approaches around network protocol analysis.

Practical Security Assessments of IoT Devices and Systems

Ollie Whitehouse

Destaque (20)

NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...

Private sector cyber resilience and the role of data diodes

APT 28 :Cyber Espionage and the Russian Government?

DamballaOverview

Secure App Aspirations: Why it is very difficult in the real world

Threat Intelligence - Routes to a Proactive Capability

From Problem to Solution: Enumerating Windows Firewall-Hook Drivers

Designing and building post compromise recoverable services

Agile software security assurance

Smart grid in the Critical National Infrastructure

Why defensive research is sexy too.. … and a real sign of skill

NCC Group C Suite Cyber Security Advisory Services

Finding The Weak Link in Windows Binaries

Securing your supply chain & vicarious liability (cyber security)

Countering the Cyber Threat

Red Teaming and the Supply Chain

Assuring the Security of the Supply Chain - Designing best practices for cybe...

NCC Group Pro-active Breach Discovery: Network Threat Assessment

Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP

Practical Security Assessments of IoT Devices and Systems

Semelhante a Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers

Security is a major concern in computer networking which faces increasing threats as the commercial Internet and related economies continue to grow. Virtualization technologies enabling scalable Cloud services pose further challenges to the security of computer infrastructures, demanding novel mechanisms combining the best-of-breed to counter certain types of attacks . Our work aims to explore advances in Cyber Threat Intelligence (CTI) in the context of Software Defined Networking (SDN) architectures. While CTI represents a recent approach to combat threats based on reliable sources, by sharing information and knowledge about computer criminal activities, SDN is a recent trend in architecting computer networks based on modularization and programmability principles. In this dissertation, we propose IntelFlow, an intelligent detection system for SDN that follows a proactive approach using OpenFlow to deploy countermeasures to the threats learned through a distributed intelligent plane. We show through a proof of concept implementation that the proposed system is capable of delivering a number of benefits in terms of effectiveness, altogether contributing to the security of modern computer network designs.

IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...

Open Networking Perú (Opennetsoft)

Over the past few years, penetration testing has gotten easier. What used to take a week of scanning, analysis, and exploit research now happens in one day on average in a common IT environment. The efficiency of compromise has increased based on several factors including increased knowledge sharing, more robust computing, and automated exploitation tools. OT environments are often utilizing the same operating systems and are prone to many of the same attacks. The main differences are the presence of custom protocols, embedded systems, and lack of formal security programs to address the gaps created by two-way data communication networks. This talk will show the most common attacks which our team currently uses to gain access and control over the networks and systems we test. More importantly, we will discuss the “top 10” things an organization can do to mitigate, remediate, and have active visibility into critical systems.

Slide Griffin - Practical Attacks and Mitigations

EnergySec

API Security: the full story

42Crunch

Cyber Security Threat Modeling

Dr. Anish Cheriyan (PhD)

FALCON.pptx

AvinashRanjan80

Security operation center (SOC)

Ahmed Ayman

Understanding Cyber Kill Chain and OODA loop

David Sweigert

The Hacking Games - Operation System Vulnerabilities Meetup 29112022

lior mazor

What are the best tools used in cybersecurity in 2023.pdf

tsaaroacademy

Cybersecurity - Jim Butterworth

TechBiz Forense Digital

Removing Security Roadblocks to IoT Deployment Success

Microsoft Tech Community

CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...

Cristian Garcia G.

Super1

neelakanteswarreddy

Using Splunk for Information Security

Splunk

Using Splunk for Information Security

Shannon Cuthbertson

F-Secure RADAR lance sur le marché français un scanner de vulnérabilité puissant et accessible à la fois qui vous permettra d'identifier et contrôler les failles de sécurité sur l'ensemble de votre infrastructure. Grâce à F-Secure RADAR : -Cartographiez vos dispositifs et réseaux en temps réel. -Comprenez le niveau de risque. -Suivez automatiquement les évolutions des risques. -Générez des rapports détaillés et personnalisés. Testez la solution gratuitement pendant 1 mois !

RADAR - Le nouveau scanner de vulnérabilité par F-Secure

NRC

inforamtion security full notes unit 1.ppt

it160320737038

Level up your SOC - Guide for a Resilient Education Program.pdf

Brandon DeVault

A long time ago, in a galaxy far far away, AV was invented. Then firewalls and IDS and SIEM and NAC and DLP and on and on. With all these products, it seems like a career in information security is really more about managing tools than defeating a galactic empire of hackers and miscreants. But like the Rebel Alliance, you can take back your enterprise, because many of our existing monitoring systems and network devices also have security functionality. Moreover, there are many excellent open source applications that work just as well as commercial ones.

Ending the Tyranny of Expensive Security Tools

SolarWinds

Ending the Tyranny of Expensive Security Tools

Michele Chubirka

Semelhante a Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers (20)

IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...

Slide Griffin - Practical Attacks and Mitigations

API Security: the full story

Cyber Security Threat Modeling

FALCON.pptx

Security operation center (SOC)

Understanding Cyber Kill Chain and OODA loop

The Hacking Games - Operation System Vulnerabilities Meetup 29112022

What are the best tools used in cybersecurity in 2023.pdf

Cybersecurity - Jim Butterworth

Removing Security Roadblocks to IoT Deployment Success

CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...

Super1

Using Splunk for Information Security

RADAR - Le nouveau scanner de vulnérabilité par F-Secure

inforamtion security full notes unit 1.ppt

Level up your SOC - Guide for a Resilient Education Program.pdf

Ending the Tyranny of Expensive Security Tools

Último

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Angeliki Cooney has spent over twenty years at the forefront of the life sciences industry, working out of Wynantskill, NY. She is highly regarded for her dedication to advancing the development and accessibility of innovative treatments for chronic diseases, rare disorders, and cancer. Her professional journey has centered on strategic consulting for biopharmaceutical companies, facilitating digital transformation, enhancing omnichannel engagement, and refining strategic commercial practices. Angeliki's innovative contributions include pioneering several software-as-a-service (SaaS) products for the life sciences sector, earning her three patents. As the Senior Vice President of Life Sciences at Avenga, Angeliki orchestrated the firm's strategic entry into the U.S. market. Avenga, a renowned digital engineering and consulting firm, partners with significant entities in the pharmaceutical and biotechnology fields. Her leadership was instrumental in expanding Avenga's client base and establishing its presence in the competitive U.S. market.

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Angeliki Cooney

Discover the innovative features and strategic vision that keep WSO2 an industry leader. Explore the exciting 2024 roadmap of WSO2 API management, showcasing innovations, unified APIM/APK control plane, natural language API interaction, and cloud native agility. Discover how open source solutions, microservices architecture, and cloud native technologies unlock seamless API management in today's dynamic landscapes. Leave with a clear blueprint to revolutionize your API journey and achieve industry success!

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2

Exploring Multimodal Embeddings with Milvus

Zilliz

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Zilliz

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

WSO2

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers

1. APT for Engineers IET - Cyber Security for Critical Infrastructure Ollie Whitehouse, Technical Director

2. Agenda APT: definition APT: manifestation and implementation APT: mitigation, detection and remediation Conclusions 2

3. 3 definition

4. 4 Advanced: i.e. not basic Persistent: i.e. not non-persistent Threat: i.e. backdoor, remote access, retained control, root kit etc. APT: definition

5. 5 Intelligence agencies

6. 6 Intelligence agenciesOrganised criminals

7. 7 manifestation and implementation

8. 8 APT: manifestation http://cyber.lockheedmartin.com/cyber-kill-chain-lockheed-martin-poster https://nigesecurityguy.wordpress.com/2013/06/04/defensible-security-posture/

9. 9 APT: manifestation - key functions Command & Control (C2) Persistence Security & Defence Functionality & Maintenance

10. 10 Ensures remote and desired level of access Persistent but minimizes forensic artefacts Minimizes likelihood of detection Frustrates analysis Modular, upgradable and versatile APT: manifestation - goals

11. 11 December 2014 NCC Group dealt with the compromise of REDACTED who had been compromised by Shell Crew http://www.emc.com/collateral/white-papers/h12756-wp-shell- crew.pdf This actor uses the Derusbi trojan family to maintain access which supports a form of port-knocking. APT: manifestation

12. 12 APT: manifestation

13. 13 APT: implementation

14. 14 APT: implementation

15. 15 A program (i.e. on Windows, Mac OS X, Linux, iOS/Android etc.) A kernel driver (i.e. on Windows, Mac OS X, Linux etc.) A non-persistent patch to existing code (anything) A malicious firmware (embedded devices) APT: implementation

16. 16 Summer 2014 NCC Group detect a malicious RTF (document) containing the Havex RAT We then developed signatures and detected numerous trojaned ICS / SCADA tools in malware zoos Actor has been compromising ICS / SCADA tool vendor web sites, trojaning legitimate binaries with havex and waiting for downloads APT: manifestation https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2014/june/extracting-the-payload-from-a-cve-2014-1761-rtf-document/

17. 17 APT: manifestation http://cyber.lockheedmartin.com/cyber-kill-chain-lockheed-martin-poster https://nigesecurityguy.wordpress.com/2013/06/04/defensible-security-posture/

18. 18 APT: manifestation

19. 19 APT: manifestation

20. 20 APT: manifestation

21. 21 APT: manifestation

22. APT: manifestation 22

23. APT: manifestation 23

24. APT: manifestation 24

25. APT: manifestation 25

26. APT: manifestation 26

27. APT: manifestation 27

28. APT: manifestation 28

29. 29 Software stacks are today very complex Re-writable software is everywhere Cryptographic code signing etc. is not APT: manifestation - reality

30. 30 detection

31. 31 Known knowns = Indicators of Compromise (IOCs) IOCs = signatures for network traffic or files APT: detection – known knowns

32. 32 Monitoring and measurement network OS device Anomaly detection and investigation using monitoring and measurement APT: detection – unknown unknowns

33. 33 analysis

34. 34 observe – from the network or on host identify – the program code extract – from the host / device analyse – statically / dynamically APT: analysis

35. 35 mitigation and remediation

36. 36 APT: mitigation – 2002 proposal https://en.wikipedia.org/wiki/Next-Generation_Secure_Computing_Base

37. 37 APT: mitigation - TPMs https://en.wikipedia.org/wiki/Trusted_Platform_Module

38. 38 APT: mitigation – UEFI Secure Boot http://answers.microsoft.com/en-us/windows/forum/windows8_1-security/uefi-secure-boot-in-windows-81/65d74e19-9572-4a91-85aa-57fa783f0759?auth=1

39. 39 APT: mitigation – UEFI Secure Boot http://answers.microsoft.com/en-us/windows/forum/windows8_1-security/uefi-secure-boot-in-windows-81/65d74e19-9572-4a91-85aa-57fa783f0759?auth=1

40. 40 APT: mitigation – UEFI Secure Boot http://answers.microsoft.com/en-us/windows/forum/windows8_1-security/uefi-secure-boot-in-windows-81/65d74e19-9572-4a91-85aa-57fa783f0759?auth=1

41. 41 Once we have an OS* we trust .. we can do things like hypervisor level malicious code scanning early launch malware detection (Windows) APT: mitigation * caveat is now hardware with DMA access and if IOMMUs are used or if data/code in RAM is otherwise protected from manipulation

42. 42 putting the advanced in APT

43. 43 persistent element: encrypted to host not persistent until shutdown persisted via secondary host command and control adding to legitimate network connections APT: putting the advanced in APT

44. 44 Conclusions

45. 45 Europe Manchester - Head Ofﬁce Amsterdam Cambridge Copenhagen Cheltenham Edinburgh Glasgow Leatherhead London Luxembourg Munich Zurich Australia Sydney North America Atlanta Austin Chicago New York San Francisco Seattle Sunnyvale Ollie Whitehouse ollie.whitehouse@nccgroup.trust

Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (20)

Semelhante a Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers

Semelhante a Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers (20)

Último

Último (20)

Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers