Modern Day Entomology
Examining the Inner Workings of the Bug Bazaar
Copyright 2018 Trend Micro Inc.

Brian Gorenc
Director of Vulnerability Research at Trend Micro
• Leads the Zero Day Initiative
• Organizes Pwn2Own
• Approver of Payments
Past Experiences
• Lead Developer at Lockheed Martin
Past research:
• Microsoft Bounty submission
• Patents on Exploit Mitigation Technologies
• Bug hunting in many products
BS in Computer Engineering – Texas A&M University
MS in Software Engineering – Southern Methodist University
Twitter: @MaliciousInput
How it works
1. Vulnerability submitted to the ZDI program
2. Vendor notified
3. Digital Vaccine® filter created (Trend Micro customers protected ahead of patch; other network security vendors' customers at risk)
4. Vendor response window
5. Vulnerability is patched or remains unfixed
6. Public disclosure
Exploit Economy
Economy in Action (diagram of actors, flows and price ranges)
• Researchers: find bugs; report to the vendor through a bug bounty program, or sell the report ($1K - $25K)
• Signatures
• Exploit kit creator: $10K - $100K; sells kit
• Vuln broker: $10K - $1000K
• Government: $10K - $1000K
• Botnet creator / bot herder: compromises PCs; rents botnet
• Spammer, DDoS, extortion, credential harvesting
• Smart criminal: makes one big purchase; sells stolen creds
• Dumb criminal: buys beer & chips; re-sells stolen creds
• Used against??
[Chart: Active economy. X-axis: quarters from Qtr4 2013 through Qtr2 2018. Y-axis: 0 to 1000.]
Variety
Submission categories: High-Profile, SCADA/IIoT, Infrastructure, Virtualization, IoT, Enterprise, Security, Misc, Open Source, Web, Other, Mobile
Top Vendors
Global economy
Highly-deployed software submissions
SCADA submissions
Lessons learned from Hacking Team
Lucrative business
How to buy 0-day: Consultancy Services
How to buy 0-day: Vulnerability Brokers
Payments and Pay Schedules
Exploit Inventory
Market Factors and Trends
[Chart: Browser Click-to-Play Intervention. X-axis: quarters from Qtr1 2011 through Qtr4 2015. Y-axis: 0 to 40.]
[Chart: New Mitigations. X-axis: quarters from Qtr1 2012 through Qtr1 2018. Y-axis: 0 to 100.]
[Chart: New Mitigations (continued). X-axis: quarters from Qtr1 2012 through Qtr1 2018. Y-axis: 0 to 100.]
[Chart: End of Life Announcements. X-axis: quarters from Qtr1 2012 through Qtr1 2018. Y-axis: 0 to 40.]
[Chart: Unchecked. X-axis: quarters from Qtr1 2012 through Qtr1 2018. Y-axis: 0 to 160.]
[Chart: Predicting the Next. X-axis: quarters from Qtr1 2012 through Qtr1 2018. Y-axis: 0 to 200.]
New Regulations
Pwn2Own
Targeted Incentive Program (TIP)

Target             | Operating System         | Bounty (USD) | Time Frame
Joomla             | Ubuntu Server 18.04 x64  | $25,000      | August 2018 through September 2018
Drupal             | Ubuntu Server 18.04 x64  | $25,000      | August 2018 through September 2018
WordPress          | Ubuntu Server 18.04 x64  | $35,000      | August 2018 through October 2018
NGINX              | Ubuntu Server 18.04 x64  | $200,000     | August 2018 through November 2018
Apache HTTP Server | Ubuntu Server 18.04 x64  | $200,000     | August 2018 through December 2018
Microsoft IIS      | Windows Server 2016 x64  | $200,000     | August 2018 through January 2019
War Stories
Living in the Shadow Brokers Reality
The Shadow Brokers leaked hacking tools attributed to the Equation Group, which has been tied to the NSA's Tailored Access Operations unit (EternalBlue, EwokFrenzy, etc.).
The leak revealed an interesting bug collision: CVE-2007-1675.
• ZDI acquired an IBM Lotus Domino 0-day vulnerability in 2006 from an anonymous submitter
  • No authentication required
  • No check on the length of the attacker-supplied username
  • CVSS: 10
• IBM patched this vulnerability in early 2007 and assigned it CVE-2007-1675
• The Shadow Brokers revealed the NSA hacking tool named EwokFrenzy in 2017
• EwokFrenzy targets IBM Lotus Domino and exploits CVE-2007-1675
Killing NSA's Tailored Access Operations exploits
Shades of Stuxnet
Killing CIA’s Closed Network Infiltration Tool
Disrupting BlackEnergy
VBScript Double Kill Vulnerability ITW
CVE-2018-8174 used in targeted attacks
1. Victim opens a malicious Microsoft Word doc
2. Malicious doc downloads an HTML page containing VBScript
3. VBScript triggers a use-after-free vulnerability
CVE-2018-8373 ITW
Matches Trending Data
ZDI Pre-disclosure Guidance Catches CVE-2018-8373
Disclosure and Vendor Response
Advisories Per Year
2005: 1
2006: 54
2007: 80
2008: 99
2009: 101
2010: 301
2011: 354
2012: 203
2013: 288
2014: 430
2015: 666
2016: 700
2017: 1009
Over 4,000 advisories over the life of the program
0-Day Disclosures Per Year (shown against total advisories per year)
Year | Advisories | 0-day disclosures
2005 | 1          | 0
2006 | 54         | 0
2007 | 80         | 0
2008 | 99         | 0
2009 | 101        | 0
2010 | 301        | 0
2011 | 354        | 29
2012 | 203        | 20
2013 | 288        | 7
2014 | 430        | 54
2015 | 666        | 61
2016 | 700        | 54
2017 | 1009       | 119
[Chart: Vulnerability Exposure Window. X-axis: 2013 through 2017. Y-axis: 0 to 180.]
[Chart: Industry by Industry Comparison. Categories: Business, Highly-Deployed, SCADA, Security. Y-axis: 0 to 200.]
Conclusion
Plugging In
https://www.zerodayinitiative.com
https://www.zerodayinitiative.com/blog
@thezdi
PGP: https://www.zerodayinitiative.com/documents/zdi-pgp-key.asc
Fingerprint: 743F 60DB 46EA C4A0 1F7D B545 8088 FEDF 9A5F D228
zdi@trendmicro.com

Questions
Thank you for your time and attention

BlueHat v18 || Modern day entomology - examining the inner workings of the bug bazaar

  • 1. Modern Day Entomology Examining the Inner Workings of the Bug Bazaar
  • 2. 2 Copyright 2018 Trend Micro Inc. Director of Vulnerability Research at Trend Micro Leads the Zero Day Initiative Organizes Pwn2Own Approver of Payments Past Experiences Lead Developer at Lockheed Martin Past research: Microsoft Bounty submission Patents on Exploit Mitigation Technologies Bug hunting in many products BS in Computer Engineering – Texas A&M University MS in Software Engineering – Southern Methodist University Twitter: @MaliciousInput Brian Gorenc
  • 3. Copyright 2018 Trend Micro Inc.3
  • 4. 4 Copyright 2018 Trend Micro Inc. How it works Trend Micro Customers Protected Ahead of Patch Other Network Security Vendor’s Customers at Risk Vulnerability submitted to the ZDI program Vendor Notified Digital Vaccine® Filter Created Vendor Response Window Vulnerability is Patched or Remains Unfixed Public Disclosure
  • 6. 6 Copyright 2018 Trend Micro Inc. Economy in Action Researchers Finds Bugs Bug Bounty Program Report to Vendor Sell Report $1K - $25K Signatures Exploit Kit Creator $10K - $100K Vuln Broker Government $10K - $1000K $10K - $1000K Bot HerderBotnet Creator Compromises PCs Sells Kit Rents Botnet Spammer DDoS Extortion Credential Harvesting Smart Criminal Make One Big Purchase Sells Stolen Creds Dumb Criminal Buys Beer & Chips Re-Sells Stolen Creds Used Against??
  • 7. 7 Copyright 2018 Trend Micro Inc. 0 100 200 300 400 500 600 700 800 900 1000 Qtr4 2013 Qtr1 2014 Qtr2 Qtr3 Qtr4 Qtr1 2015 Qtr2 Qtr3 Qtr4 Qtr1 2016 Qtr2 Qtr3 Qtr4 Qtr1 2017 Qtr2 Qtr3 Qtr4 Qtr1 2018 Qtr2 Active economy
  • 8. 8 Copyright 2018 Trend Micro Inc. Variety High-Profile SCADA/IIoT Infrastructure Virtualization IoT Enterprise Security Misc Open Source Web Other Mobile Top Vendors
  • 9. 9 Copyright 2018 Trend Micro Inc. Global economy
  • 10. 10 Copyright 2018 Trend Micro Inc. Highly-deployed software submissions
  • 11. 11 Copyright 2018 Trend Micro Inc. SCADA submissions
  • 12. Lessons learned from Hacking Team
  • 13. Lucrative business
  • 14. How to buy 0-day: Consultancy Services
  • 15. How to buy 0-day: Vulnerability Brokers
  • 16. Payments and Pay Schedules
  • 17. Exploit Inventory
  • 19. Browser Click-to-Play Intervention [chart by quarter, Qtr1 2011 through Qtr4 2015]
  • 20. New Mitigations [chart by quarter, Qtr1 2012 through Qtr1 2018]
  • 21. New Mitigations [chart by quarter, Qtr1 2012 through Qtr1 2018; same chart as slide 20]
  • 22. End of Life Announcements [chart by quarter, Qtr1 2012 through Qtr1 2018]
  • 23. Unchecked [chart by quarter, Qtr1 2012 through Qtr1 2018]
  • 24. Predicting the Next [chart by quarter, Qtr1 2012 through Qtr1 2018]
  • 25. New Regulations
  • 26. Pwn2Own
  • 27. Targeted Incentive Program (TIP)
        Target               Operating System           Bounty (USD)   Time Frame
        Joomla               Ubuntu Server 18.04 x64    $25,000        August 2018 through September 2018
        Drupal               Ubuntu Server 18.04 x64    $25,000        August 2018 through September 2018
        WordPress            Ubuntu Server 18.04 x64    $35,000        August 2018 through October 2018
        NGINX                Ubuntu Server 18.04 x64    $200,000       August 2018 through November 2018
        Apache HTTP Server   Ubuntu Server 18.04 x64    $200,000       August 2018 through December 2018
        Microsoft IIS        Windows Server 2016 x64    $200,000       August 2018 through January 2019
  • 29. Living in the Shadow Brokers Reality
  • 30. Killing NSA's Tailored Access Operations exploits
        Shadow Brokers leaked hacking tools attributed to Equation Group, which has been tied to the NSA's Tailored Access Operations unit (EternalBlue, EwokFrenzy, etc.). The leak revealed an interesting bug collision: CVE-2007-1675.
        ZDI acquired an IBM Lotus Domino 0-day vulnerability in 2006 from an anonymous submitter:
          • No authentication required
          • No check on the length of the attacker-supplied username
          • CVSS: 10
        IBM patched this vulnerability in early 2007 and assigned it CVE-2007-1675.
        Shadow Brokers revealed the NSA hacking tool named EwokFrenzy in 2017. EwokFrenzy targets IBM Lotus Domino and exploits CVE-2007-1675.
  • 31. Shades of Stuxnet
  • 32. Killing CIA's Closed Network Infiltration Tool
  • 33. Disrupting BlackEnergy
  • 34. VBScript Double Kill Vulnerability ITW
        CVE-2018-8174 used in targeted attacks:
        1. Victim opens a malicious Microsoft Word document
        2. The malicious document downloads an HTML page containing VBScript
        3. The VBScript triggers a use-after-free vulnerability
  • 35. CVE-2018-8373 ITW
        Matches trending data
        ZDI pre-disclosure guidance catches CVE-2018-8373
  • 37. Advisories Per Year: over 4,000 advisories over the life of the program
  • 38. 0-Day Disclosures Per Year
        Year   Advisories   0-day disclosures
        2005        1           0
        2006       54           0
        2007       80           0
        2008       99           0
        2009      101           0
        2010      301           0
        2011      354          29
        2012      203          20
        2013      288           7
        2014      430          54
        2015      666          61
        2016      700          54
        2017     1009         119
  • 39. Vulnerability Exposure Window [chart by year, 2013 through 2017]
  • 40. Industry by Industry Comparison [chart: Business, Highly-Deployed, SCADA, Security]
  • 42. Conclusion
  • 43. Plugging In
        Blog: https://www.zerodayinitiative.com/blog
        Web: https://www.zerodayinitiative.com
        Twitter: @thezdi
        PGP key: https://www.zerodayinitiative.com/documents/zdi-pgp-key.asc
        Fingerprint: 743F 60DB 46EA C4A0 1F7D B545 8088 FEDF 9A5F D228
        Email: zdi@trendmicro.com
  • 44. Questions. Thank you for your time and attention.