

Hacking Exposed - Real-World Tradecraft of Bears, Pandas and Kittens

RSA Conference via YouTube

Overview

Explore real-world case studies of advanced cyber intrusions in this 47-minute conference talk from RSA Conference. Delve into demos and mitigation strategies for high-profile hacks, including the Democratic National Committee breach, as presented by Dmitri Alperovitch, Co-Founder and CTO of CrowdStrike. Gain insights into the tradecraft of state-sponsored threat actors like Bears, Pandas, and Kittens. Learn about initial infection tactics using malicious LNK files and macro documents, privilege escalation techniques involving UACME and kernel exploits, credential theft methods, persistence mechanisms through WMI event subscriptions and service DLLs, and exfiltration strategies employing disguised RAR files. Understand the power of cyber threat intelligence and discover effective countermeasures to protect against sophisticated cyber attacks.

Syllabus

Intro
POWER OF THE ACADEMY
INITIAL INFECTION: BEAR TACTIC - MALICIOUS LNK
LNK FILE COMPONENTS
LNK FILE CONSTRUCTION
INITIAL INFECTION: PANDA TACTIC - MACRO DOCUMENT
PRIVILEGE ESCALATION: BEAR TACTIC - UACME #23
HIGH LEVEL EXPLANATION: USMDISM METHOD
PRIVILEGE ESCALATION: PANDA TACTIC - KERNEL 0-DAY
CREDENTIAL THEFT: BEAR & PANDA - IT'S A TIE!
PERSISTENCE: BEAR TACTIC - WMI EVENT SUBSCRIPTION
WMI EVENT SUBSCRIPTION BREAKDOWN
PERSISTENCE: PANDA TACTIC - SERVICEDLL
REGISTERING THE SERVICE
COUNTERMEASURES
EXFILTRATION: PANDA TACTIC - DISGUISED RAR

Taught by

RSA Conference
