Posted on 12-Apr-2017

  • Real Time Forensics: Uncover the culprit while the body is still warm

    Bruce Snell, McAfee

    Session ID: SPO2-W23B

    Session Classification: General Interest

  • What do we accomplish with Forensics?

    Find out what was damaged/stolen
    Find out what attack was used
    Find out where data was sent
    Recovery of compromised systems

  • What do we accomplish with Forensics?

    Find out what was damaged/stolen
    Know who we need to notify
    Recover lost/damaged systems
    Better prepare defense for next time

  • What do we accomplish with Forensics?

    Find out what attack was used
    Reporting
    Otaku factor

  • What do we accomplish with Forensics?

    Find out where the data was sent
    Aid in investigation by authorities
    Strengthen defense against future attacks

  • What do we accomplish with Forensics?

    Recovery of compromised systems
    Identify which systems are impacted
    Costly physical recovery typically needed

  • What would it take to provide real time forensics?

  • Can you grab data from every machine in your entire Enterprise, with the exact state information?

    Go!

  • Scenario

    Multiple vulnerabilities exposed in Adobe Flash

    CVE-2013-0633: Used in targeted attacks, disguised as Word email attachment; contains malicious Flash content; buffer overflow

    CVE-2013-0634: Exploit reported by Lockheed Martin, MITRE and others, suggesting targeted industrial espionage; memory corruption

  • How do you react?

  • Demo

  • P2P Speed

    zone server

    command server

    continuous connection

  • Questions?
