Speaker: Marshall Heilman
"Spies in the Wires" is a term used to refer to an entity's ability to surreptitiously gather data from a remote victim organization through the Internet, often used in conjunction with foreign governments. In most instances the victim organization does not even realize it has been penetrated. Once the victim organization has been notified of the breach, the daunting task of cleaning up the breach, notifying appropriate parties, and dealing with the ramifications of data loss, begins.
The talk will begin with a discussion of some of the more serious intelligence gathering threats faced by government, DIB, and contracting organizations today, followed by real world case studies to better demonstrate some of the threats. After a discussion of the threats, the talk will discuss various tools and techniques to combat major facets of each threat: Initial Exploitation, Lateral Infection, Persistence, Attacker Visibility, and Damages. Each facet will be discussed in detail and analyzed from the perspective of an attacker, an incident responder, and a security architect. This in-depth breakdown of each facet will ensure that the intricacies of each threat are understood before combative tools and techniques are discussed.
The tools and techniques discussed during this talk to combat "Spies in the Wires" were derived from countless hours of being on the frontlines at many unique organizations dealing with these threats. This talk approaches security from an operational "what works" standpoint and not from a theoretical, or best practices, standpoint.