Persistent Threat
John Denune
IT Security Director
University of California, San Diego
jdenune@ucsd.edu
ACT Infrastructure services
Security
Telecom
Networking
ID Management
UNIX and Windows Support
ACT Security
It’s not
Opportunistic
Varied Attacks Espionage
Technical
Targeted
Patient
Corporate APT
State-Sponsored
Skilled
Hacktivism Theft
Physical threats
Social Engineering
APT Lifecycle
External Recon
Initial Compromise
Establish Foothold
Escalate Privileges
Internal Recon
Expand
Complete Mission
Initial Detection
June 2012
Lesson #1
Pay attention to anti-virus alerts
Lesson #2
Don’t (completely) rely on your anti-virus product
Lesson #3
Where possible, track IPs instead of blocking them
Initial Recon
February 2012
Initial Compromise
April 2012
Gh0st RAT
Lesson #4
Make your local FBI agent your new best friend
Lesson #5
Have a secure communications plan in place
Lesson #6
Log everything, especially authentication, netflow and DNS
Attack timing
Domain Admin NTLM hash now stored in client memory.
Pass the Hash
Reconsider traditional password best practices
Good passwords?
*tecno9654postgres
A Matt Hale Tribute CD would be cool..
Access-Control-Allow-Origin
Abundance4me2day
Bulletformyvalentine123
Elementarymydearwatson
Putin is nothing but commie scum.
Video killed the radio star?
antcolonyoptimization
Emergency Action
September 2012
Lesson #8
Effectively and securely communicating a password change is hard
We are not alone
Reengagement
July 2013
Parting Thoughts