2019-10-24, 09:45–10:05, Europe
It is often thought that APT attacks are complex and involve 0-day exploits, stealthy lateral movement and hidden exfiltration paths.
While this can be true, it is rarely the case. Even APT actors follow the "if it works, don't break it" rule and use tried and true tactics. If they can get away with it and achieve their goals, why not?
In this talk I'm going to present our discovery of an APT group which used rather simple TTPs but managed to stay undetected and hidden for years while breaching some high-value targets in the fields of government, manufacturing, telecommunications etc.
We're going to dive deep into incident response cases, dissect the tools and techniques they used to infiltrate targets, and cover possible attribution.
I'm also going to talk about problems we faced while responding to these cases and present recommendations on how to defend networks against this adversary.