Big Game Hunting: The Peculiarities of Nation-State Malware Research

Video Link: https://www.youtube.com/watch?v=t6U3LyM7WdA



Duration: 50:29


The security industry's focus on state-sponsored espionage is a relatively recent phenomenon. Since the Aurora Incident brought nation-state hacking into the spotlight, there have been high-profile reports on targeted hacking by China, Russia, the U.S.A., and Israel, to name a few. This has led to the rise of a lucrative threat intelligence business, propelling marketing and media campaigns and fueling political debate.

This talk will cover the idiosyncrasies of nation-state malware research using the experiences of the presenters in the 'Threat Analyst Sweatshop.' Regin (aka WARRIORPRIDE, allegedly written by the Five Eyes) and Babar (aka SNOWGLOBE, allegedly written by France) will be used as case studies in examining attribution difficulties. Additionally, we'll examine attributing commercially written offensive software (implants and exploits) and the (mostly negative) vendor responses. We'll cover what happens when you find other players on the hunt, and address the public misconception that attribution is frequently done using open source information.

We will focus on the attribution problem and present a novel approach to creating credible links between binaries originating from the same group of authors. Our goal is to add to transparency in attribution and supply analysts with a tool to emphasize or deny vendor statements. The technique is based on features derived from different domains, such as implementation details, applied evasion techniques, classical malware traits or infrastructure attributes, which are then leveraged to compare the handwriting among binaries.

PRESENTED BY
Morgan Marquis-Boire, Marion Marschalek, Claudio Guarnieri

Black Hat - USA - 2015 Hacking conference