
The Advanced Persistent Threat and You

Introduction to APT for Perl programmers, presented at YAPC::NA in 2011. A high-level overview of why it matters to programmers and how they can help protect their organizations. Yes, APT is a security buzzword, but it is very much a part of the world we write software in!

Brad Lhotsky

June 28, 2011

  1. The Advanced Persistent Adversary and You
     a lesson on why not to rewrite your slides the day before your talk
     Brad Lhotsky
     http://twitter.com/reyjrar
     http://github.com/reyjrar
  2. $PLAY
     Owner (how did that happen?) of Baltimore PM
     http://baltimore.pm.org
     Co-founder and regular of CharmSec
     http://charmsec.org
     http://citysec.org
  3. security (noun)
     1 the security of the nation's citizens: safety, freedom from danger, protection, invulnerability. ANTONYMS vulnerability, danger.
     2 he could give her the security she needed: peace of mind, feeling of safety, stability, certainty, happiness, confidence. ANTONYMS disquiet.
     3 security at the court was tight: safety measures, safeguards, surveillance, defense, protection.
     4 additional security for your loan may be required: guarantee, collateral, surety, pledge, bond.
  4. Compromised: DoD
     • In April of 2009 malware was discovered on the DoD classified network; it stole at least 6 terabytes of data before being detected
     • The entire volume of data pertaining to the Joint Strike Fighter Program was taken
  5. Compromised: HBGary
     • Aaron Barr decides to unmask Anonymous in late 2010
     • Feb 5th 2011, Anonymous announces the compromise of HBGary, including internal email and documents
     • Feb 7th, Anonymous releases a torrent of all the data
     • FBI/DoD were contracting HBGary to develop malware for domestic spying initiatives
  6. Compromised: RSA
     • March 17th, RSA announces they’ve been breached, details unknown. Says SecurID is “safe”
     • April, Level 3 announces a breach believed to be related to SecurID
     • May, DoD, DHS, and Lockheed Martin announce breaches confirming SecurID has been compromised
  7. Compromised: Sony
     • January 11th, 2011, Sony files a suit against George Hotz for a mod to the PS3 which allows another OS to be run
     • Since April 14th of 2011, Sony and its holdings have experienced 20 major compromises, totaling more than 200 MILLION customer records
  8. Compromised: AZPD
     • While I was writing this presentation, LulzSecurity released details of their compromise of the AZPD due to SB1070, the racial profiling bill
     • Included in the press release were threats to continue targeting corrupt companies, politicians, law enforcement and military agencies.
  9. recommendations
     • Auditing
     • Log fucking everything
     • Configuration Management
     • Puppet / Chef / whatever
     • Visibility and Accessibility
     • Graphs, Metrics
     • Contingency Planning
     • Risk Assessments
     • Did you know it’s OK to have risks?
  10. cool deploy macros

      subversion::deploy { 'project':
        owner  => apache,
        group  => apache,
        svnurl => 'svn+ssh://svn/repo/project',
        target => '/var/www/project',
        notify => Service['httpd'],
      }

      It just got DevOpsy up in here .. https://github.com/reyjrar/svnutils
  11. Open Source Software and some glue, duct tape, and WD-40
      • Netdisco (Network Discovery via SNMP, CDP, LLDP)
      • Custom libpcap based detectors at key points in the network (Service Discovery, DNS Monitoring, Traffic Monitoring)
      • syslog-ng (Communication Bridge)
      • dhcpd (Node Discovery)
      • snort (Security Event Detection)
      • Windows Event Logs (Correlation / Discovery)
      • OSSEC HIDS (Correlation / Detection / Prevention)
      • PostgreSQL Database (Storage / Correlation)
      • RRDTool (Storage / Visual Analysis)
      • Perl (Glue / Duct Tape / WD-40)
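How a deploy macro like the subversion::deploy call on slide 10 can be built, as an added example that is not the slides' or the svnutils project's code: a hypothetical Puppet define whose parameter names follow the slide's usage. The svn binary path, the revision-comparison guard, the default owner/group and the need for the deploy user to hold an ssh key for the svn+ssh URL are assumptions of this example.

```puppet
# Hypothetical definition behind subversion::deploy { 'project': ... }.
# Assumption: NOT the svnutils project's own code; the guard commands,
# defaults and $svn path are chosen here for illustration.
define subversion::deploy (
  $svnurl,                 # repository URL, e.g. svn+ssh://svn/repo/project
  $target,                 # working-copy path the web server serves from
  $owner = 'root',         # user that owns, and checks out, the tree
  $group = 'root',
  $svn   = '/usr/bin/svn',
) {
  # First run only: check out when no working copy exists yet.
  # 'creates' keeps this idempotent, so it reports no change afterwards.
  exec { "svn-checkout-${name}":
    command => "${svn} checkout -q ${svnurl} ${target}",
    creates => "${target}/.svn",
    user    => $owner,
    group   => $group,
    path    => ['/bin', '/usr/bin'],
  }

  # Later runs: update only when the remote HEAD revision differs from
  # the local one. Because the exec is silent when 'unless' succeeds,
  # a notify => Service['httpd'] on the call site only fires on a real
  # deploy instead of restarting the web server on every Puppet run.
  exec { "svn-update-${name}":
    command  => "${svn} update -q ${target}",
    unless   => "test \"\$(${svn} info ${target} | grep ^Revision)\" = \"\$(${svn} info -r HEAD ${svnurl} | grep ^Revision)\"",
    provider => shell,
    user     => $owner,
    group    => $group,
    path     => ['/bin', '/usr/bin'],
    require  => Exec["svn-checkout-${name}"],
  }

  # Ownership of the deployed directory itself; deliberately no recurse,
  # so the web server account is not handed write access to every file.
  file { $target:
    ensure  => directory,
    owner   => $owner,
    group   => $group,
    require => Exec["svn-checkout-${name}"],
  }
}
```

With owner => apache as on the slide, both execs (and the ssh key for svn+ssh) run as the web server account, so that key should be read-only for the one repository it deploys; put the define in a module as subversion/manifests/deploy.pp.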