Modern Reconnaissance Phase by APT – Protection Layer

The Talos researchers are no strangers to APT attacks. During recent research, we observed how APT actors are evolving and how the reconnaissance phase is changing to protect their valuable 0-day exploit or malware frameworks. During the presentation, we will not speak about a specific malware actor, but we will use various cases to illustrate how the reconnaissance phase is becoming more important and more complex.
This talk will mainly focus on the use of malicious documents (Microsoft Office and Hangul Word Processor) and watering hole attacks designed to establish whether the target is the intended one. We will mention campaigns against political or military organizations targeting the USA, Europe and Asia.


Not Safe For Organizing: The state of targeted attacks against civil society

Groups that work to protect human rights and civil liberties around the world are under attack by many of the same attackers who target industry and government. These groups and organizations have far fewer resources to defend themselves, yet the stakes of the attacks are often much higher. This talk will give an update on the state of affairs, emphasizing two cases drawn from Citizen Lab’s recent work: attacks against the Tibetan community, and the Packrat group in Latin America.


Bypassing Application Whitelisting in Critical Infrastructures

Application whitelisting is a concept which can be used to further harden critical systems such as server systems in SCADA environments or client systems with high security requirements like administrative workstations. It works by whitelisting all installed software on a system and then preventing the execution of software that is not whitelisted. This should prevent the execution of malware and therefore protect against advanced persistent threat (APT) attacks. In this talk we discuss the general security of such a concept and what holes are still open for attackers.