DS21 - Artem Artemov and Rustam Mirkasymov - Do You Have a PlugX скачать в хорошем качестве

DS21 - Artem Artemov and Rustam Mirkasymov - Do You Have a PlugX

Deep overview of a tool used by the Chinese nation-state APTs based on a real-life Incident Response case with a big industrial company. Investigation yielded the presence of PlugX in the infrastructure. This presentation gives a full overview of the tools functionality, its past versions, and nowadays usage (Thor is a new version of plugX). We show why it is hard to find and why it's important for big industrial companies. And also we talk about our assumption that all recent big attacks - first Sunburst and then Exchange exploits (proxylogon related to Hafnium) are links of one chain. Artem Artemov: Head of DFIR Lab Group-IB Europe. More than 14 years in DF, last 10 years in Group-IB. Incident responses all over the world, I take part in investigations and arrest of cybercrime groups like Carberp, Buhtrap, Corcow, Cobalt, Cron, Moneytaker and others. Also I provide tailored DF courses at several universities. Rustam Mirkasymov: Head of Cyber Threat Research, Group-IB Europe. 8 years in cyber threat research and threat intelligence. Strong skills in reverse engineering, knowledge in exploit development and understanding software vulnerabilities mechanisms. Author / co-author of numerous APT threat reports (including Lazarus, Silence, Cobalt, MoneyTaker, RedCurl). Experienced speaker at key cyber security media & events.