Open Source as fuel of recent APT - HITCON
Open Source as fuel of recent APT
Dec 2017
Yoshihiro Ishikawa
Copyright © LAC Co., Ltd. All Rights Reserved.
Who am I?
- Organization: LAC
- Department: Cyber Counter Threat Team
- Job Title: Security Researcher
Yoshihiro Ishikawa
CISSP
yoshihiro.ishikawa[at]lac.co.jp
Agenda
- Purpose
- Open Source Malware Targeting MacOS
- PowerShell Empire improperly used
- Prevention method
- Conclusion
Purpose
- Recently, many APT attacks have been fueled by the use of open source tools and malware, for example: PowerSploit, QuasarRAT, Tiny SHell, Koadic, mimikatz, Pupy, Trochilus, Nishang
- Why?
  - Actors performing attacks with open source tools find them easier to carry out and become more resourceful.
  - Actors are likely to anonymize their attacks.
  - Actors usually modify the attack code and easily create new customized malware.
Purpose: APT groups with Open Source Tools
- APT10 (menuPass): PowerSploit, Koadic, QuasarRAT, Redleaves (Trochilus)
  - Targets: Public, Technology, Energy sectors, etc. (USA, Canada, UK, France, South Korea, Japan, etc.)[1]
- Cloudy Omega (Blue Termite): mimikatz
  - Targets: Some companies, no specific trends (Japan)
- PassCV/BARIUM (Winnti?)[2][3]: Metasploit, BeEF
  - Targets: Game makers (USA, China, Russia, South Korea, Taiwan and Japan)
- Tick (BRONZE BUTLER): mimikatz
  - Targets: Critical infrastructure and manufacturing (South Korea and Japan)
- Unsure Group (APT10): PowerShell Empire
  - Targets: Political and academic sectors (Japan)
In this presentation, I will introduce PassCV and Unsure Group's TTPs confirmed in Japan in 2017.