Super Bad RAT Reusing Adversary Tradecraft - Alexander Rymdeko Harvey
Offered By: YouTube
Course Description
Overview
Explore the intricacies of advanced persistent threats (APTs) and malware techniques in this 50-minute conference talk from BSides Augusta 2016. Delve into topics such as persistent survivability, network leveraging, and deployment methods including WinSock and IPC Thread. Learn about reflective DLL injection, driver loading techniques, and full packet capture capabilities. Examine undocumented functionality, code walkthroughs, and the characteristics of long-term agents. Gain insights into rule creation, process creation, and understand why these concepts are crucial for cybersecurity professionals. Conclude with key takeaways on reusing adversary tradecraft and enhancing your understanding of sophisticated cyber threats.
Syllabus
Intro
Who am I
Dooku
Hacking Team Dump
Persistent Survivability Rating
Standard Deviation
Demo
Network Leveraging
Deployment Method
WinSock
IPC Thread
Native
Reflective DLL
Reflective Demo
Driver Loading
Driver Helper Capabilities
Full Packet Capture
SCDriver Methods
Building SCDriver
PCAP
DLLs
Service Creation
Undocumented functionality
Code walkthrough
APT
What makes them special
Long-term Agent
Agent Code
Why Should I Care
Core Agent
Rule Creation
Process Creation
Agent Demo
Takeaways
Outro