Presentations - BAB0: A custom sample that bypassed cutting-edge APT attack detection tools

  • Location: Security Theater
  • Speaker: Boldizsár Bencsáth
  • Date and time: 10 October 2015, 15:50 - 16:35

In this talk, we present BAB0, a custom sample that we developed for testing purposes and that bypassed 5 cutting-edge APT attack detection tools. We explain why BAB0 escaped detection both in the phase of infecting the victim and later during continuous communication with a remote C&C server. We show the tricks that we designed and implemented in BAB0 and try to give some demonstrations as well. We also elaborate on the problems of testing anti-APT products in general, and give some hints on new testing methodologies that are currently emerging within the AV test community.
