Overview
This 50-minute Black Hat conference talk examines the peculiarities of researching nation-state malware and investigating state-sponsored cyber espionage, presented by experienced threat analysts. Case studies of high-profile malware such as Regin and Babar illustrate why attribution is so difficult, as do the problems of attributing commercially written offensive software and the way vendors respond to such findings. The talk presents an approach for establishing credible links between binaries written by the same group of authors, with the aim of making attribution more transparent, and covers the attribution problem itself, common misconceptions about open-source information, and the complexities of the threat intelligence business. Features drawn from several domains are compared as a form of malware "handwriting", and vendor attribution statements are evaluated critically.
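The overview describes linking binaries by comparing "handwriting" features from several domains rather than by any single indicator. The following Python example is added here to illustrate that general idea; it is not code from the talk or its speakers, and the sample profiles, feature domains, weights and threshold are all constructed assumptions for the illustration. Each sample is reduced to a set of features per domain, the per-domain Jaccard similarity is computed, and a weighted composite is used to surface candidate "soft" links between samples.

```python
from itertools import combinations

# Constructed, illustrative "handwriting" profiles. These are not real malware
# samples; the feature values are invented to show the comparison mechanics.
SAMPLES = {
    "sample_a": {
        "strings":  {"%s\\tmp.dat", "ProcessHollow", "KeepAlive", "cfg.ini"},
        "imports":  {"NtUnmapViewOfSection", "VirtualAllocEx",
                     "WriteProcessMemory", "ResumeThread"},
        "compiler": {"msvc-2008", "linker-9.0", "rich-header:present"},
        "network":  {"ua:MSIE 6.0", "beacon:300s", "path:/index.php"},
    },
    "sample_b": {
        "strings":  {"%s\\tmp.dat", "ProcessHollow", "KeepAlive", "cfg2.ini"},
        "imports":  {"NtUnmapViewOfSection", "VirtualAllocEx",
                     "WriteProcessMemory", "ResumeThread", "CreateRemoteThread"},
        "compiler": {"msvc-2008", "linker-9.0", "rich-header:present"},
        "network":  {"ua:MSIE 6.0", "beacon:600s", "path:/index.php"},
    },
    "sample_c": {
        "strings":  {"KeepAlive", "update.bin", "svchost", "mutex:Global\\x"},
        "imports":  {"CreateRemoteThread", "WriteProcessMemory",
                     "InternetOpenA", "HttpSendRequestA"},
        "compiler": {"msvc-2013", "linker-12.0", "rich-header:present"},
        "network":  {"ua:curl/7.x", "beacon:60s", "path:/api/v1"},
    },
}

# Assumed domain weights (equal here). In practice an analyst would weight
# domains by how hard they are to fake or to share by coincidence.
DOMAIN_WEIGHTS = {"strings": 0.25, "imports": 0.25, "compiler": 0.25, "network": 0.25}


def jaccard(a: set, b: set) -> float:
    """Set overlap in [0, 1]; two empty sets are treated as no evidence (0)."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def domain_scores(x: dict, y: dict) -> dict:
    """Per-domain similarity, so an analyst can see which domain drives a link."""
    return {d: jaccard(x.get(d, set()), y.get(d, set())) for d in DOMAIN_WEIGHTS}


def composite(x: dict, y: dict) -> float:
    """Weighted sum of the per-domain similarities."""
    scores = domain_scores(x, y)
    return sum(DOMAIN_WEIGHTS[d] * scores[d] for d in DOMAIN_WEIGHTS)


def link_candidates(samples: dict, threshold: float = 0.5) -> list:
    """All sample pairs whose composite similarity reaches the threshold,
    strongest first. A hit is a soft link to investigate, not an attribution."""
    hits = []
    for (name_x, x), (name_y, y) in combinations(samples.items(), 2):
        score = composite(x, y)
        if score >= threshold:
            hits.append((name_x, name_y, round(score, 3)))
    return sorted(hits, key=lambda h: h[2], reverse=True)


if __name__ == "__main__":
    for name_x, name_y, score in link_candidates(SAMPLES):
        print(f"soft link {name_x} <-> {name_y}: composite={score}")
        for domain, s in domain_scores(SAMPLES[name_x], SAMPLES[name_y]).items():
            print(f"  {domain:<9} {s:.2f}")
```

A high composite score only says that two binaries share habits across independent domains; it does not say who wrote them, and any single domain (strings, timestamps, a user-agent) can be copied or planted, which is why the per-domain breakdown is kept alongside the aggregate.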
Syllabus
Introduction
Welcome
GCHQ
Telemetry Data
Big Game Hunting
Binary
Context
Text Interpretation
Proof of Concept
Soft Attribution
The Region
The Mailing List
Chinese APT
Sample
Soft Attribute
Hard Attribute
Clapper
FinFisher
Hacking Team
Email Archive
FBI Purchase
Longevity
Compartment 2002
Control Component
Harness Component
Old Windows
Modern Windows
Windows Vista
Network sniffers
Network communication
New samples
Magic 8ball
Outro
Taught by
Black Hat