Explore an in-depth investigation of advanced cyber attack techniques and defense strategies in this 53-minute conference talk from Derbycon 2016. Delve into the complexities of stealthy network traffic, Spark Lines, and rapidly evolving tactics used by sophisticated threat actors. Learn about the three versions of C Daddy, the importance of prioritizing unknown threats, and methods for improving indicators. Examine malware analysis techniques and advanced attack methodologies, including WMI usage, event filtering, PowerShell modules, and Kerberos ticket attacks. Gain valuable insights on detecting and mitigating WMI PowerShell backdoors, understanding attack configurations, and implementing effective defensive measures. Conclude with a Q&A session to further expand your knowledge of cutting-edge cybersecurity practices.
Overview
Syllabus
Introduction
Stealth
Network Traffic
Spark Lines
Lessons
Rapidly evolving tactics
Three versions of C Daddy
Prioritize the unknown
Improving indicators
Looking at the malware
Rapidly evolve
Advanced attack techniques
WMI usage
Event filter
PowerShell
Module Log
Kerberos Ticket Attack
Indicators
WMI PowerShell
Backdoor
Lesson
The Config
Nick Carr
Questions
