2013 the year in review
play

2013 - The year in Review thinkst applied research @haroonmeer | - PowerPoint PPT Presentation

Jan 21, 2023 •265 likes •983 views

2013 - The year in Review thinkst applied research @haroonmeer | @marcoslaviero Who we are (and why does it matter?) Who we are (and why does it matter?) So... 2013 2013 Significant Events Research Themes Future Themes ? References / Links

  1. 2013 - The year in Review thinkst applied research @haroonmeer | @marcoslaviero

  2. Who we are (and why does it matter?)

  4. Who we are (and why does it matter?)

  5. So... 2013

  6. 2013 Significant Events Research Themes Future Themes ?

  7. References / Links

  8. OMG!!! CHINA

  9. 3 Broad Sections: Unit 61398 APT1 Conclusion

  10. “The secretary of state, Hillary Rodham Clinton, said on Thursday that a global effort was needed to establish rules for cyberactivity.”

  11. 3 Broad Sections: Unit 61398 APT1 Conclusion

  12. 3 Broad Sections: Unit 61398 ! info@thinkst.com APT1 research@thinkst.com ! http://www.thinkst.com Conclusion Client : Haroon Meer ThinkstScapes Ad-hoc Information Update 2013 / AH1 China Did It

  13. The new policy document pushed through by the White House includes the promise of "Enhanced Domestic Law Enforcement Operations" and "Improved Domestic Legislations" as two of its five strategic action items. The penny drops. First comes the bogeyman, and then comes the protection we need: more legislation and more law enforcement.

  14. ! info@thinkst.com research@thinkst.com ! http://www.thinkst.com Client : Haroon Meer ThinkstScapes Ad-hoc Information Update 2013 / AH1 China Did It There is little cost to posting analysis online, especially where the conclusions pass a basic smell test or reinforce preconceived ideas. But there are many types of analysis including recounts of hacks, malware analysis by both professionals and amateurs, intelligence analysis in tracking down attackers, statistics and metrics and general punditry. Each has different burdens of proof, depending on the conclusions drawn and the value assigned to the results. The APT1 report was portrayed as conclusive evidence of Chinese military espionage, but instead it is more akin to an intelligence estimate, in which separate threads are woven together into a form acceptable to the analyst, but alternatives have not been excluded . Mandiant provide no confidence interval for their estimate, except to state “beyond reasonable doubt”!

  16. HTP vs. MIT Rival group on SwiftIRC SwiftIRC has Linode Servers Linode uses name.com for DNS Linode + old code Access to Nmap, Nagios, Sucuri. Hak5 (and the machine i still use to irc)

  17. Rational actor myth Determination & Patience Incident Response Detection Supply Chain Problems

  19. Dismissal Sysadmin danger! USB : Unlimited Secrets Bus US-centric Clouds

  20. PS | AS

  21. On the fringes

  22. Images: Wikipedia

  25. Image: The Washington Post

  26. Year of the Phish ?

  28. Let’s talk talks (& Research) Trends

  30. Speakers (BlackHat.1997)

  31. BlackHat Speakers 2010 1997

  33. Scale Defense Metrics Devices CyberWar Active Defense Bounties Exploitation

  34. Scale

  35. Scale

  36. Scale

  37. Scale

  38. Scale

  39. Scale

  40. Talk about Talks Scale

  41. Scale Defense Metrics Devices CyberWar Active Defense Bounties Exploitation

  42. Devices

  43. Devices

  44. Devices

  45. Devices

  46. Aircraft Hacking (2) Devices

  47. Car Hacking Devices

  48. Scale Defense Metrics Devices CyberWar Active Defense Bounties Exploitation

  49. Control-Flow integrity in Web Applications Sorry Your Princess is in Another Castle: Intrusion Deception to Protect the Web Active Defense

  50. Scale Defense Metrics Devices CyberWar Active Defense Bounties Exploitation

  51. Reflection in Managed Languages: James Foreshaw Breaking XML DigSig: James Foreshaw UEFI Attacks Android Attacks De-Anonymizing Alt.Anonymous.Messages Exploitation

  53. Reflection in Managed Languages: James Foreshaw Breaking XML DigSig: James Foreshaw UEFI Attacks Android Attacks De-Anonymizing Alt.Anonymous.Messages Exploitation

  54. Scale Defense Metrics Devices CyberWar Active Defense Bounties Exploitation

  55. A Password is Not Enough: Why disk encryption is broken and how we might fix it Finding DNS tunnels through information theory (“Practical Comprehensive Bounds on Surreptitious Communication over DNS”) Attack Driven Defense Phishing as training “Building Antibodies – The Phishing program at Twitter" Defense

  61. A Password is Not Enough: Why disk encryption is broken and how we might fix it Finding DNS tunnels through information theory (“Practical Comprehensive Bounds on Surreptitious Communication over DNS”) Attack Driven Defense Phishing as training “Building Antibodies – The Phishing program at Twitter" Defense

  63. http://phish5.com

  64. Scale Defense Metrics Devices CyberWar Active Defense Bounties Exploitation

  65. Extremely prominent researchers shout them down, but the programs allow up-n-coming folks to get started. Google started paying for open source bugs and fixes. Microsoft now pays out for mitigation bypasses. Bugcrowd “An Empirical Study of Vulnerability Rewards Programs” shows that for the cost of roughly 1 security engineer, programs returned about 25% of all significant bugs. Bounties

  66. [Rising|Falling] Trends

  67. LE Hacks Big Data? BYOD OPSEC Hacktivism Drones SCADA Sensors Mobile (we hope) AV Hacks StrikeBack Privacy Home Spun Security

  68. Dan Geer (Trends in CyberSec) Trend #10: Complexity in the supply chain Security is non-composable Trend #12: Attack surface growth versus skill growth we are expanding the society-wide attack surface faster than we are expanding our

  69. Dan Geer (Trends in CyberSec) “Where there are so many questions and so few answers, such deep needs and such shallow appreciation of trend directions, the greatest risk is the risk of simplistic solutions carried forward by charismatic fools”

  70. http://www.theguardian.com/commentisfree/2013/dec/16/fake-mandela-memorial-interpreter-schizophrenia-signing http://thinkst.com/thinkstscapes http://www.nytimes.com/2013/02/02/technology/washington-posts-joins-list-of-media-hacked-by-the-chinese.html http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf http://www.whitehouse.gov/sites/default/files/omb/IPEC/admin_strategy_on_mitigating_the_theft_of_u.s._trade_secrets.pdf http://www.aljazeera.com/indepth/opinion/2013/02/201322510446268971.html http://www.exploit-db.com/papers/25306/ HTP5 http://blog.thinkst.com/2013/10/when-we-win-it-is-with-small-things-and.html http://www.cert.org/flocon/2013/presentations/bellovin-keynote-thinking-security.pdf https://media.blackhat.com/eu-13/briefings/Gaivoronski/bh-eu-13-hybrid-defense-gaivoronski-slides.pdf https://zmap.io/ http://blog.erratasec.com/2013/09/masscan-entire-internet-in-3-minutes.html#.UrHC5GQW1Ec https://dominicspill.com/daisho/Daisho-Troopers13.pdf https://www.troopers.de/wp-content/uploads/2012/12/TROOPERS13-You_wouldnt_share_a_syringe_Would_you_share_a_USB_port-Sergey_Bratus +Travis_Goodspeed.pdf http://int3.cc/products/usbcondoms http://conference.hitb.org/hitbsecconf2013ams/materials/D1T1%20-%20Hugo%20Teso%20-%20Aircraft%20Hacking%20-%20Practical%20Aero %20Series.pdf http://blog.ioactive.com/2013/08/car-hacking-content.html http://web.sec.uni-passau.de/papers/2013_Braun_Gemein_Reiser_Posegga-Control-Flow_Integrity_in_Web_Applications.pdf http://forums.juniper.net/jnet/attachments/jnet/networkingnow/590/1/bsides%20intrusion%20deception.ppt http://ritter.vg/blog-deanonymizing_amm.html http://blog.kaspersky.com/roundup-2013/ http://www.slideshare.net/zanelackey/attackdriven-defense https://ruxconbreakpoint.com/assets/slides/building%20antibodies%2060%20min.pdf http://www.icir.org/vern/papers/covert-dns-usec13.pdf http://geer.tinho.net/geer.nro.6xi13.txt

  71. http://thinkst.com/thinkstscapes @haroonmeer | @marcoslaviero

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

2013 Year End Review of Operations General Committee March 3, 2014 2013 Year End Review of

2013 Year End Review of Operations General Committee March 3, 2014 2013 Year End Review of

Building Markhams Future Together City of Markham 2013 Year End Review of Operations General Committee March 3, 2014 2013 Year End Review of Operations The presentation provides a review of the 2013 actual results compared to the operating

370 views • 14 slides
Half Year Results 2013 Half Year Results 2013 > Introduction & highlights Market review

Half Year Results 2013 Half Year Results 2013 > Introduction & highlights Market review

Half Year Results 2013 25 JULY 2013 Half Year Results 2013 Half Year Results 2013 > Introduction & highlights Market review Group financial results Mining segment Metals Processing segment Safety, health & environment Outlook

816 views • 38 slides
Agenda 1. Get Pizza! 2. 2013-14 Year in Review 3. COC at the Championships 4. Open-Source

Agenda 1. Get Pizza! 2. 2013-14 Year in Review 3. COC at the Championships 4. Open-Source

Agenda 1. Get Pizza! 2. 2013-14 Year in Review 3. COC at the Championships 4. Open-Source Mapping for Everyone 5. COC Local Venue Planning 6. Looking Forward to a Great 2015 7. Making It Happen: Small group brainstorming 2013-2014 Year In

389 views • 7 slides
5-Year Review OCP Monitoring Program 5 Year Review Annual Review Five Year Review

5-Year Review OCP Monitoring Program 5 Year Review Annual Review Five Year Review

OFFICIAL COMMUNITY PLAN 5-Year Review OCP Monitoring Program 5 Year Review Annual Review Five Year Review Snapshot of progress Trends and forecasts 17 annual indicators Identification of policy implications for

925 views • 40 slides
Doing More with Less 2013 A Year in Review Presented by: Scott G. Colby, EVP Janet

Doing More with Less 2013 A Year in Review Presented by: Scott G. Colby, EVP Janet

Doing More with Less 2013 A Year in Review Presented by: Scott G. Colby, EVP Janet Monahan, Deputy EVP Date: November 9, 2013 2013 Doing More with Less! Legislative Activities Membership Trend & Recruitment

488 views • 23 slides
Operations and Year- End Projection General Committee September 23, 2013 2013 July Year-To-Date

Operations and Year- End Projection General Committee September 23, 2013 2013 July Year-To-Date

Building Markhams Future Together 2013 July Year-To-Date (YTD) Review of Operations and Year- End Projection General Committee September 23, 2013 2013 July Year-To-Date (YTD) Review of Operations and Year-End Projection The report provides

453 views • 14 slides
2013 Year in Review Campaign Success Hotel business up 6% in National City in 2013 according

2013 Year in Review Campaign Success Hotel business up 6% in National City in 2013 according

2013 Year in Review Campaign Success Hotel business up 6% in National City in 2013 according to Smith Travel Research In January, February and March the months we were asked to impact hotel business was up 15%, 11% and 17%

790 views • 32 slides
UOIT Third Year Review Part 1: The Process Part 2: Documentation 1 3 rd Year Review

UOIT Third Year Review Part 1: The Process Part 2: Documentation 1 3 rd Year Review

UOITFA Third Year Review Workshop 2019-05-21 UOIT Third Year Review Part 1: The Process Part 2: Documentation 1 3 rd Year Review Article 19 of the Collective Agreement Give feedback and advice to tenure- stream Faculty Members at

492 views • 11 slides
Financial Data FOR FISCAL YEAR 2013-2014 Budget Goals Cope with RLC disappearance

Financial Data FOR FISCAL YEAR 2013-2014 Budget Goals Cope with RLC disappearance

Financial Data FOR FISCAL YEAR 2013-2014 Budget Goals Cope with RLC disappearance Identify US 290 ancillary costs Fee review year Get ahead of county / state increases Review long-standing contractual relations Systematic

145 views • 12 slides
Northgate plc Preliminary results Year ended 30 April 2013 June 2013 Agenda Financial

Northgate plc Preliminary results Year ended 30 April 2013 June 2013 Agenda Financial

Northgate plc Continued growth Interim results for the six months ended 31 October 2014 Northgate plc Preliminary results Year ended 30 April 2013 June 2013 Agenda Financial review Chris Muir Operational review Bob Contreras UK

561 views • 30 slides
OPA 81 PUBLIC MEETING May 28, 2013 Purpose of Official Plan 5-Year Review Ensure the

OPA 81 PUBLIC MEETING May 28, 2013 Purpose of Official Plan 5-Year Review Ensure the

County Official Plan 5-Year Review OPA 81 PUBLIC MEETING May 28, 2013 Purpose of Official Plan 5-Year Review Ensure the Official Plan addresses provincial policy and plans 2005 Provincial Policy Statement addressed through OPA 53 (2007)

684 views • 33 slides
HALF YEAR RESULTS PRESENTATION 6 MONTHS ENDED 30 JUNE 2013 7 August 2013 www.bupa.com 1

HALF YEAR RESULTS PRESENTATION 6 MONTHS ENDED 30 JUNE 2013 7 August 2013 www.bupa.com 1

HALF YEAR RESULTS PRESENTATION 6 MONTHS ENDED 30 JUNE 2013 7 August 2013 www.bupa.com 1 AGENDA 2013 HALF YEAR RESULTS PRESENTATION 1.0 Introduction and Highlights Stuart Fletcher, Chief Executive Officer 2.0 Financial Review Evelyn

317 views • 29 slides
Breakfast Seminar Series Labour Arbitration Update: The Year in Review September 19, 2013

Breakfast Seminar Series Labour Arbitration Update: The Year in Review September 19, 2013

Breakfast Seminar Series Labour Arbitration Update: The Year in Review September 19, 2013 September 19, 2013 www.ehlaw.ca Your Mock Arbitration Panel Sheri Farahani Arbitrator Sh i F h i A bit t Paul Lalonde Union

76 views • 6 slides
UOIT Third Year Review 1 3 rd Year Review ! Article 19 of the Collective Agreement Give

UOIT Third Year Review 1 3 rd Year Review ! Article 19 of the Collective Agreement Give

UOIT%Faculty%Associa1on%3%Third%Year%Review% 16305311% Workshop%2016% UOIT Third Year Review 1 3 rd Year Review ! Article 19 of the Collective Agreement Give feedback and advice to tenure- stream Faculty Members at the rank of Assistant

439 views • 11 slides
Palliative Care: Year in Review 2013 Lynn A. Flint Eric Widera UCSF, Division of Geriatrics No

Palliative Care: Year in Review 2013 Lynn A. Flint Eric Widera UCSF, Division of Geriatrics No

5/28/2013 Palliative Care: Year in Review 2013 Lynn A. Flint Eric Widera UCSF, Division of Geriatrics No disclosures 1 5/28/2013 Objectives 1. Define palliative care 2. Discuss recent findings in palliative care research focus on health

955 views • 26 slides
4 Year Review Workshop Agenda 8:00 a.m. - Introductions 8:15 a.m. - What is 4 Year Review?

4 Year Review Workshop Agenda 8:00 a.m. - Introductions 8:15 a.m. - What is 4 Year Review?

Common Academic Program: 4 Year Review Workshop Agenda 8:00 a.m. - Introductions 8:15 a.m. - What is 4 Year Review? 8:20 a.m. - What is the Process? 8:30 a.m. - Experience with Assessment 9:30 a.m. - Planning & Next Steps What is 4

657 views • 26 slides
NEEDLES IN A HAYSTACK: MINING INFORMATION FROM PUBLIC DYNAMIC SANDBOXES FOR MALWARE INTELLIGENCE

NEEDLES IN A HAYSTACK: MINING INFORMATION FROM PUBLIC DYNAMIC SANDBOXES FOR MALWARE INTELLIGENCE

NEEDLES IN A HAYSTACK: MINING INFORMATION FROM PUBLIC DYNAMIC SANDBOXES FOR MALWARE INTELLIGENCE Mariano Graziano, Davide Canali, Leyla Bilge, Andrea Lanzi and Davide Balzarotti Eurecom Symantec Research Labs Universit degli Studi di

695 views • 34 slides
Bro Scripts The Bro Monitoring Platform Agenda Thursday Block 1: Bro-Overview and introduction.

Bro Scripts The Bro Monitoring Platform Agenda Thursday Block 1: Bro-Overview and introduction.

Bro Scripts The Bro Monitoring Platform Agenda Thursday Block 1: Bro-Overview and introduction. Structure, setup, administration. Exercise: find your way around in the training VM. Block 2: Bro-logs, network logs. Introduction on

292 views • 13 slides
Seminar Series Industrial Cyber Threats and Future Planning Robert M. Lee Twitter: @RobertMLee

Seminar Series Industrial Cyber Threats and Future Planning Robert M. Lee Twitter: @RobertMLee

Seminar Series Industrial Cyber Threats and Future Planning Robert M. Lee Twitter: @RobertMLee Email: rlee@dragos.com Web: www.dragos.com Agenda Where We Are Selected Case Studies in Cyber Attacks Where Were Heading

424 views • 24 slides
Hypoparathyroidism: From Diagnosis to New Management Options Dolores Shoback, MD Professor of

Hypoparathyroidism: From Diagnosis to New Management Options Dolores Shoback, MD Professor of

3/18/16 Hypoparathyroidism: From Diagnosis to New Management Options Dolores Shoback, MD Professor of Medicine University of California, San Francisco Continuing Medical Education March 18, 2016 Disclosure Investigator on NPS

404 views • 25 slides
OSINT: The Secret Weapon in Hunting Nation-State Campaigns alon@intsights.com Alon Arvatz

OSINT: The Secret Weapon in Hunting Nation-State Campaigns alon@intsights.com Alon Arvatz

DETECT . ANALYZE . REMEDIATE OSINT: The Secret Weapon in Hunting Nation-State Campaigns alon@intsights.com Alon Arvatz +972-545444313 1 1 1 What People Think 2 True or False? Threat intelligence Nation-state actors Commercial threat

247 views • 24 slides
Hunting and detecting APTs using Sysmon and PowerShell logging TOM UELTSCHI BOTCONF 2018 C:>

Hunting and detecting APTs using Sysmon and PowerShell logging TOM UELTSCHI BOTCONF 2018 C:>

Hunting and detecting APTs using Sysmon and PowerShell logging TOM UELTSCHI BOTCONF 2018 C:> whoami /all Tom Ueltschi Swiss Post CERT / SOC / CSIRT since 2007 (over 11 years!) Focus & Interests: Malware Analysis, Threat Intel,

1.45k views • 115 slides
GE Incident Response Insight Awareness Advantage Sean Mason Director, Incident Response

GE Incident Response Insight Awareness Advantage Sean Mason Director, Incident Response

GE Incident Response Insight Awareness Advantage Sean Mason Director, Incident Response Investing in new talent & capabilities Incident response Cyber intelligence Digital forensics Security architecture Identity management

609 views • 42 slides
Acute Variables Of Training The Process Of Designing Training Plans SBS Academy: Unit 2 Mo

Acute Variables Of Training The Process Of Designing Training Plans SBS Academy: Unit 2 Mo

Acute Variables Of Training The Process Of Designing Training Plans SBS Academy: Unit 2 Mo Module le 2. 2.8 Unit 2- Coaching For Physique Athletes Learning Objectives Understand the role of exercise selection in training for

282 views • 14 slides

More recommend