How Vigilant Researchers Can Uncover APT Attacks for Fun and Non-Profit - Ladislav Baco
Many security researchers and analysts spend their nights analyzing new attacks. Most of them use public services, threat intelligence feeds, OSINT and recon techniques. I am not an exception. Usually we are tracking well-known malware families and campaigns and their evolution. However, in some cases, it is possible to reveal even APT attacks. This talk is about uncovering and tracking one APT attack targeting a small European country. In March 2021, a sample containing a reference to the local National Security Agency of that country was submitted to an online sandbox. Analysis of this sample leads to a Cobalt Strike beacon. Investigation of its C2 setup then allowed researchers to use specialized Internet search engines to reveal even more C2 servers and to find more, older malware samples associated with this campaign and threat actor. Based on this case, I would like to demonstrate how it is possible to uncover and analyze APT attacks even without enterprise-grade monitoring tools in the victim infrastructure, from the point of view of an independent researcher without any access to the affected systems, using only tools and services such as Any.Run, Hybrid Analysis, VirusTotal, Shodan, Censys, etc.