APT1: The State of the Hack One Year Later

A little over a year ago, Mandiant released a report that brought the term “Advanced Persistent Threat” (APT) into the public conversation and made these types of targeted attacks top of mind for government and commercial organizations around the world. Recently, FireEye COO Kevin Mandia took the stage at RSA USA 2014 to look back and share his perspective on the activities that led to the release of the APT1 report and its aftermath.

While the initial report caused a media frenzy, unquestionably, the most important part of the story is the aftermath. Mandiant released the report to elevate the dialogue and address the frustration of organizations that were throwing money at cybersecurity problems and still facing attacks. Yet, the results were not what we expected.

Watch the video below for Kevin’s full speech and feel free to drop a comment below to continue the discussion.

Conference Stuff

The Present

Hi-ho, Julia here. So, here’s a summary of computer security conference related things that I’m involved with.

I’ll be at the RSA Expo for at least one of the days next week (probably Wednesday). So if you see a blue-haired weirdo wandering around, asking vendors difficult questions¹, that’s probably me. If you would like to wander around the Expo for free too, then enter the code EC10FIR [Expires Friday Feb 26] into the appropriate field from wherever this link <Register Now!> may lead you. You’ll need to register — enter a bunch of personal information about yourself first, so that you can get a ton of junk mail later this year. However, note that the only thing they actually seem to check when you pick up your badge at the expo is the name on your government-issued photo ID. So, in previous years my job title has been Professional Tomato Squeezer, working for the Instrumentality of Penguins Project — which is how I know when marketers are using RSA’s mailing list.

FireEye has a booth at RSA this year (Booth #332). See also: Official FireEye RSA2010 Stuff.

The Past

And from last October, these are my ToorCon 11 Slides [ironically PDF]. They’re almost the same as the ones from my Brucon talk, but with a little more stuff.

The Future

I’ll be presenting a talk at PH-Neutral 0x7DA on how to do horrible things with PDF files. Not just exploits and syntax abuse/obfuscation, but tricks like generating the Mandelbrot set with the halftone screen spot functions.

I’m thinking of submitting a talk to Black Hat or Defcon. Are there any topics that you, the reader, would like to hear me talk about? Sure, I could do an in-depth technical talk on a specific botnet. Or a less-in-depth presentation on a whole bunch of different malware. Or a talk about reading/writing exploits and reverse engineering. Or an actually-good-talk on old-school phreaking. Of course, Defcon being Defcon, I could probably submit a talk on Goetic demon summoning (with live demonstration!) and it would get accepted. So… suggestions?

I promise that my next blog post will have more crypto and hexdumps in it.


¹ For example…

Vendor: Our product is software that you install on your Windows laptop, which calls home to check if it has been stolen. And if so, deletes sensitive documents to keep them from falling into the wrong hands.

Me: So, what if rather than booting the laptop into Windows normally, the person who stole the laptop takes the hard drive out and reads the data with Linux?

Vendor: <crickets chirping> … You’ll need to talk to one of our engineers.



Julia Wolf @ FireEye Malware Intelligence Lab
Questions/Comments to research [@] fireeye [.] com