Making Attacks Go Backwards presented at GrrCon 2013

by Josh ‘fuzzynop’ Schwartz, Matt ‘hastisec’ Hastings,

Summary : Imagine a pentest where there is no scope, no time restraints, and no budget. How would you do it? Would you write your own tools? Would you get detected? And if you did would they know what you stole and what was owned? As time went on, would you get lazy?
It sounds like a dream gig for most pentesters out there and lucky for some threat actors, this is the 9 to 5 job. By now we shouldn’t have to mention the advanced persistent buzzword for you to know what we are talking about. Targeted threat actors are people too, they make mistakes, their judgement is bad sometimes, they get lazy, and sometimes their skills are bad and they should feel bad.
In this talk we will cover how attacker tactics can leave behind obvious evidence, how their tools and can be identified and analyzed quickly, and how the human side of every attacker can lead to some great lulz. Attendees should leave armed with a variety of examples from the trenches of incident response and malware analysis that will give them an edge against the less advanced of advanced attackers. Key takeaways will include tips and tricks for identifying and reverse engineering malware and utilities used in targeted attacks as well as the forensic evidence they leave behind.