[HITB GSEC] Understanding Your Opponent: Attack Profiling

This talk will be based on real world cases in Asia and Korea. We will talk about real approaches for incident response in CERTs and also present the common points and connections between different malware incidents in Asia.

Through incident response and malware analysis, we have found that attackers were using similar malware and attack methods across several incidents. Analyzing the common points and relations between attacks can help us better understand the purpose and tactics of attackers for a more effective response. Attack Profiling is a valuable method for figuring out the motives of an attacker, sharing threat intelligence for incidents and preparing response methods for expected future incidents.

We have performed analysis against incidents targeting government agencies, media outlets, broadcasting services, critical infrastructure and the financial sector. In this presentation, we will introduce the approach and methods used for attack profiling.

Outline:

1. Recent Cases

2. Attack Profiling Methods and Factors for Analysis
– Approaches for Profiling
– Tactics, Code and IOC

3. Attack Profiling in Real World Incident Cases
– Case 1 : (Malware targeted to Financial Industry in Asia)
– Case 2 : (APT Incident Case 1)
– Case 3 : (APT Incident Case 2)

4. Conclusion

We hope that through this session, attendees will better understand how to analyze an attack and how to figure out its possible relations to other incidents.


Make a secure mobile payment – HITCON 2014

I made a presentation at HITCON 2014 in Taiwan; the title is “Make a secure mobile payment”.

File : E2_06_Yongjun Park – Make a secure mobile payment

[Agenda]

Recently, many kinds of mobile payment have launched, and they have gained a large share of payment transactions in the world. As we know, a breach of payment is highly dangerous because it could be exploited to steal real money directly.

I have found diverse flows and vulnerabilities during security testing. Some of them could be used to acquire payment data and to change transactions. I will talk about threats of mobile payment and cases of vulnerability. Also, I am going to share how to test the security of mobile payment.