Unsolved Mysteries – Revisiting the APT Cold Case Files - SANS CTI Summit 2019 скачать в хорошем качестве

Unsolved Mysteries – Revisiting the APT Cold Case Files - SANS CTI Summit 2019

No matter how fascinating the advanced persistent threats (APTs) we discover, we often find that there’s never enough time for adequate study. The next blog release is forthcoming...a deadline is missed...resources must be diverted elsewhere. In the process of chasing the PR high, we often find that intriguing questions fall through the cracks and certain mysteries are left unsolved. Moreover, at no fault of the analysts, it turns out some of these mystery cases were ahead of their time – a time when we lacked the technology to dig deeper, span wider datasets, and understand the nature of the threat at hand. Let’s correct this. While vendors continue to race one another for the next hot thing, let’s instead take pause and revisit the cold cases and the unsolved mysteries. Let’s find ways to hunt, cluster, and perhaps even attribute yesterday’s rarest intrusion sets. In the process of leveraging these to find our culprits, we’ll learn to value the techniques and solutions developed over the past half-decade of private sector APT hunting. Juan Andres Guerrero-Saade (@juanandres_gs), Researcher, Chronicle Security