POSITIVE HACK DAYS



ORGANIZER

Program

DIY anti-APT

Want to visit   +74

Author: Danil Borodavkin

Malicious code obfuscation, social engineering, exploiting either bugs or features in Windows—modern arsenal allows hackers to bypass signature protection successfully. The report focuses on the experience of building a corporate open-source-based system aimed at detecting attacks that cannot be detected by traditional protection tools. This talk will cover static and dynamic analysis elements, curious incidents that have been detected by the system (using exploits for MS Office, JS code in CHM files, tricks with inserting OLE to PDF and multipart, hacking a contractor and a major air travel company as a facilitating step). The speaker will also share statistics on detection of a DIY system, signature tools, and one commercial anti-APT solution.

  • Language
  • Russian

A security specialist with experience in intrusion detection, sandboxes, email filtering. Head of the corporate SOC at Information Satellite Systems (the Roscosmos group of companies). An Associate Professor at the Information Security scientific laboratory, initiative of the Siberian Federal University. 10 years of experience in information security. A *nix advocate. Passionate about open source, duct tapes, and order.

Danil Borodavkin Danil Borodavkin

Back to the list