You will learn techniques to dynamically instrument binaries during execution with PinTool, or how to create Immunity Debugger plugins to hook malicious APIs. You will have the chance to understand and practice how to dissect the most sophisticated APT in our era, The Equation Group and see how they are able to hide their presence within hard drives by reprogramming the firmware.
Cyber-attacks have become so sophisticated over the years, that a new term has emerged – Advanced Persistent Threat, which we will refer to as APT. An APT is a group of individuals that have both the means and the intent to launch persistent attacks against specific targets. Understanding these groups and their behavior is important when evaluating threats against any organization.
Hackers have traditionally targeted large corporations, but today small to midsize businesses are being attacked with the same type of highly sophisticated malware. These new strains of advanced malware are often referred to as APTs
Modern malware uses Advanced techniques such as encrypted communication channels, kernel-level rootkits, and sophisticated evasion capabilities to get past a network’s defenses. More importantly, they often leverage zero day vulnerabilities – flaws for which no patch is available yet and no signature has been written.
Modern malware is often Persistent and designed to stick around. It’s stealthy and carefully hides its communications. It lives in a victim’s network for as long as possible, often cleaning up after itself by deleting logs, using strong encryption, and only reporting back to its controller in small, obfuscated bursts of communication.