As a member of .HR GovCERT, we are involved in all major government-related incidents, including state-sponsored APT attacks. In this talk I would like to present the technical analysis of one recent APT incident. During the incident analysis, we encountered two different (though connected) campaigns against government users, in which several 0-day exploits (Word + Flash) were used. As the majority of incidents (even state-sponsored ones) use typical "phishing" attack vectors (e.g. Word macros or a malicious attachment), we were quite astonished to get our hands on such malicious samples for analysis. As the analysis was a unique experience, I believe that the audience will have a chance to learn a thing or two from the presented material.

P.S. I'll try to obfuscate the non-technical details as much as possible because of the sensitivity of the incident.

Miroslav Stampar – IT Security Advisor – Expert at the Croatian Government's CERT, part of the Information Systems Security Bureau (ZSIS). Born in 1982, he has been writing and breaking computer code for as long as he can remember. He is a PhD candidate with a Master's Degree in Computer Science from the Faculty of Electrical Engineering and Computing (FER), University of Zagreb, Croatia.

Hacker, challenge solver, occasional CTF player and the author of sqlmap, an open source project for automated detection and exploitation of SQL injection vulnerabilities, along with numerous other offensive and defensive information security tools (e.g. Maltrail, DSSS, DSXS, DSJS, DSVW, tsusen, etc.). He is also the Croatian Chapter Lead for The Honeynet Project.



[Slides (PDF)] [Recording (MP4)] [Recording (OGV)]
