Finger Pointing for Fun, Profit and War?

Black Hat USA 2010

Presented by: Tom Parker
Date: Wednesday July 28, 2010
Time: 15:15 - 16:30
Location: Florentine
Track: Cyber War & Peace

Recent incidents commonly thought to be linked to state sponsored activities have given rise to much discussion over the reliability of technical analysis as a source for adversary attribution - specifically in regards to what is commonly termed as the Advanced Persistent Threat (or APT). We now live in a world where the reverse engineering of a malicious binary, or analysis of a compromised host may very well play into a world-changing decision, such as whether a country should declare war on another - or indeed, whether it is no longer viable for a large, multinational corporation to continue doing business in a given part of the globe.

This talk will discuss in depth the merits and demerits of technical analysis; demonstrating ways in which various techniques including static binary analysis and memory forensics may be utilized to build a granular profile of the adversary, and where the same techniques may fall short. The presentation will discuss detailed characterization matrix that can be leveraged to assess and even automate assessment of multiple aspects of the adversary (such as motive, technical skill, technological research resources) that may all play into the way in which we respond to an incident, or reposition ourselves to handle a specific threat over in long term.

Tom Parker

Securicon Tom Parker is the Director of Security Consulting Services at Securicon. Tom is a recognized throughout the security industry for his research in multiple areas including adversary profiling and software vulnerability research & analysis. Tom has published over four books on the topic of information security including Cyber Adversary Characterization -Auditing the Hacker Mind and a contributor to the popular Stealing the Network Series. Tom is a frequent speaker at conferences including a past speaker at Blackhat. Tom often lends his time to guest lecturing at Universities, involvement in community research initiatives, and is often called to provide his expert opinion to mass media organizations, including BBC News, CNN, and online/print outlets such as The Register, Reuters News, Wired and Business Week.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats