Targeted Attacks: From Being A Victim To Counter Attacking presented at Blackhat Europe 2010

by Andrzej Dereszowski,

Tags: Security Access Exploitation Analysis

Summary : This presentation is an analysis of a common sort of targeted attacks performed nowadays against many organizations. As it turns out, publicly available remote access tools - RAT (which we usually call trojans) are frequently used to maintain control over the victim after a successful penetration. The presentation and the white paper do not focus on a particular exploitation techniques used in these attacks. Instead, they aim to get a closer look at one of the most popular remote access trojans.
The presentation describes a way to ?gure out which particular trojan has been used. It shows the architecture, capabilities and techniques employed by developers of the identi?ed trojan, including mechanisms to hide its presence in the system, and to cover its network trace. It speaks about tools and techniques used to perform this analysis. Finally, it presents a vulnerability analysis and a proof of concept exploit to show that the intruders could also be an object of an attack.