BSidesChicago 2017 has ended
Saturday, July 15 • 5:30pm - 6:20pm
Sophisticuffs: The rumble over adversary sophistication
It has been a recurring theme for corporate victims of a major breach to publicly state that the attack perpetrated on them was sophisticated. Some may even go so far as to have their third-party DFIR partner(s) make statements on their behalf to the effect that the attack would have been successful at most companies. All this is done in an attempt to avoid the dreaded assumption of IT security negligence on their part. Imagine if the press release stated that the attack might have been thwarted if they had implemented processes and controls that were recommended by internal staff years ago. While we will never read that statement, many practitioners are left to wonder what was so unique and advanced about this attack. In this presentation we will present analysis of existing public attacks against traits that are more common in truly advanced attacks. These include, but are not limited to, the ability to operate undetected, precise targeting, use of non-public zero days and custom payloads, ability to defeat in-place security controls, strong operational security, speed, and of course overall effectiveness. We will also make clear delineations between what constitutes an advanced attack versus an advanced adversary. The output of this will be a model that can be applied to help characterize your adversaries' capabilities.

Paul Jaramillo

Paul Jaramillo has over ten years of experience conducting incident response and enterprise security operations, including a career with the U.S. Department of Energy’s National Nuclear Security Administration. As a Principal Consultant based out of CrowdStrike’s St. Louis office...

Saturday July 15, 2017 5:30pm - 6:20pm CDT
Williford A