
Sanne Maasakkers_Unraveling the Mind behind the APT: Analyzing the Role of Pretexting in CTI and Attribution.pdf

Uploaded by: Zhang** ID: 175589 2024-09-13 52 pages 2.85MB

Unraveling the Mind behind the APT: Analyzing the Role of Pretexting in CTI and Attribution
Speaker: Sanne Maasakkers
BlackHat USA 2024 briefings

Contents
01 Introduction
02 Research concept
03 Analyzing content
04 Analyzing context
05 Result & demos
06 Conclusion & outlook

Introduction: Sanne
- Joined Mandiant Intelligence/Google Cloud in 2023 as Senior Analyst
- Previously worked in Red Team/Research & Intel Fusion Team (Fox-IT) and Fusion Centre (NCSC-NL) analyzing threats against The Netherlands
- 3 malware and being creative with (actor/threat) data
- Coach of the European CTF team, creator of Hackchallenges
- EU lead at (DEFCONs) Adversary Village

[Chart: % per category: Exploit, Phishing, Prior Compromise, Stolen Credentials, Brute Force, Web Compromise, Server Compromise, Third-Party Compromise, Other, Phishing (Social Media), SIM Swap]

Introduction: Threat groups
[Figure: threat groups and UNC clusters]

Introduction: Clustering
Emails are associated with a threat group mostly through various technical, tactical and strategical indicators, including:
- Technical: reuse of malware or code within malware attachments, reuse of infrastructure, including IP addresses, domains, and hosting providers.
- Tactical: consistent use of specific tactics in the infection chain, patterns in infrastructure.
- Strategical: common geographical and industry targeting.

Introduction: Behavioral
Spear phishing

Introduction: Concept
This research focuses on the behavioral characteristics of APT phishing emails, including the pretext and email scenario, and their importance in linking (new) phishing campaigns to their authors. This includes both the content and context of the email.

Research concept: Example
Subject: software update

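This document mainly discusses the role of pretexting in advanced persistent threats (APT) and cyber threat intelligence (CTI), and how behavioral characteristic analysis can link new spear-phishing attacks to their authors. Key figures include: 1) the clustering model based on behavioral characteristics reached 67% accuracy, rising to 88-96% when combined with a meta model; 2) language model analysis reveals the themes, persuasion methods and social engineering techniques used in phishing emails; 3) the meta model best integrates the prediction outputs of the three individual models for this analysis. The document notes that behavioral analysis helps threat intelligence analysts understand trends of specific threat actors and new phishing techniques, and supports threat hunting. Future research could incorporate technical, tactical and strategic attributes into the model to obtain a more complete view of campaigns.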