Overview
Syllabus
Intro
C.K. Chen @bletchley13
CyCraft in MITRE ATT&CK Evaluation
Outline
Cyberattack on semiconductor vendors
Group Chimera
Investigation Overview
Today's Case Study
Case A: Overview
Used Hosting Server for C2
Root Cause Analysis - PC-SHENNA
Remote Execution Tools
Root Cause Analysis - Server-LAUREN
NTDS.DIT Explanation
Root Cause Analysis - NB-CLAIR
Recon
Data Exfiltration
PowerShell
Cyber Situation Graph
Archive Password
Leaked File Name
Actors' Digital Arsenal
Cobalt Strike Beacon
Cobalt Strike Components
Suspicious R-W-X Memory
Hybrid Payload: PE as Shellcode
Transfer Shellcode via Named Pipe
Mutated rar.exe
Forwarded Imports
Dumpert: Implementation
Impact of Skeletonkey Injector
Take Away - 2
Taught by
Hack In The Box Security Conference