This talk is the story of 0-day PDF attacks, the now famous gh0stnet ring and the disclosure debacle of the Adobe JBIG2 vulnerability in January and February 2009. This is the story of international cyber-espionage using 0-days and the fierce debate over how to defend networks in the face of prolonged periods of exposure to unpatched vulnerabilities.
We seek to answer the following questions in this talk:
<strong>Matt Richard</strong> is Malicious Code Operations Lead at Raytheon Corporation. At Raytheon he is responsible for analyzing and reporting on samples of unknown malicious code and other suspicious activity. Matt was previously Director of Rapid Response at iDefense. For 7 years before that, Matt created and ran a managed security service used by 130 banks and credit unions. In addition he has done independent forensic and security consulting for a number of national and global companies. Matt has written a number of tools including a web application testing tool, log management and intrusion detection application and an automated Windows forensics package. Matt currently holds the CISSP, GCIA, GCFA and GREM certifications.
<strong>Steven Adair</strong> is a security researcher with The Shadowserver Foundation and a Principal Architect at eTouch Systems. At Shadowserver Steven analyzes malware, tracks botnets, and deals with eCrime at various levels. He frequently deals with targeted malware attacks, analyzing their techniques, malware, and command and control mechanisms. Steven also blogs on the Shadowserver website about various malware incidents, 0-day vulnerabilities, politically motivated DDoS attacks, and more at www.shadowserver.org. At his day job with eTouch he supports the Cyber Threat program of a large customer, providing insight, analysis, and defense in many of the same arenas.