Overview
Explore an in-depth analysis of escalated Advanced Persistent Threat (APT) attacks in this Black Hat USA 2013 conference talk. Delve into the research conducted by Xecure-Lab and Academia Sinica on targeted attack operations across the Taiwan Strait. Learn about the development of XecScan 2.0, an automated system that applies dynamic and static malware forensics to APT emails, malware, and document exploits. Discover the unique perspective on APT attacks targeting Taiwan, which stems from its network infrastructure and political position. Gain insights into the comparison between APT1 samples and those discovered in Taiwan, along with the history of APT1 hacker activities. Understand the APT life cycle, detection methods, and the importance of automation in combating these threats. Explore topics such as binary day drops, debugging symbols, IP rates, and sandbox engines. Access a free, publicly available portal for collaborative APT classification and the XecScan 2.0 APIs.
Syllabus
Introduction
Why we are based in Taiwan
Benson
Taiwan
Air Leaks
IP Addresses
Random Accounts
Emails
Taiwan APT Playground
Taiwan APT Campaigns
Detectability
APT Life Cycle
Binary Day Drop
Debugging Symbols
Similar Mail
Fast Cars
At least Male
Second Car
Garage
Group IP Rates
Host Label
DoD
Labeling
Workflow
Cross mapping
Traditional botnet model
Multiple chicken farms
Automation
How they do this
Where are the chickens
Travel
People
Farmers
Timing Correlation
Virtual Machines
Sandbox Engine 3
YARA Rules
CACAP Server
Other Tools
Reverse Lookup
Screenshot
QA
Taught by
Black Hat