Presentations

The Following Presentations Are Available For Download

Unclassified 2014 NSA ReBl Symposium Slides

Command and Control Systems

This presentation is an overview of the advanced threat actor command and control systems, from implant to control system, that we have identified over the last 14 years. We will start with a quick review of older web-based C2 systems and quickly move on to modern-day systems. We will cover the threat actor, malware, and network countermeasures we have seen advanced threat actors use to prevent the identification and investigation of these systems. We will include a few samples of captured malware and demonstrate several techniques we have seen advanced threat actors use to mitigate their risk, including octet switching, external DNS use, social networking, and other techniques to thwart the investigator and traditional identification solutions.
 
Download Link Will Be Activated After Conference
 

Hunting The 1%: Using Endpoint Analytical Solutions To Identify Advanced Threat Actors

This presentation will demonstrate how a new genre of advanced threat identification tools, endpoint analytical systems, can identify advanced threat actors operating on your enterprise network. Endpoint analytical systems can scale to the enterprise and combine networking, system configuration, memory, binary data and advanced analytics to rapidly identify advanced threat actors, their malicious code, and command and control systems. We will include a review of rapid identification techniques we recently developed, and will showcase several case studies from recent cases we have worked.

Download Link Will Be Activated After Conference