Defcon 2011 Talks – APT, Citrix Hacks, Amazon AMI Cloud Security

APT is gaining much more press attention recently, with the RSA and Northrop Grumman intrusions making it into the news. A set of researchers from Taiwan presented their APT-related data in “Balancing the pwn Trade Deficit”. Starting from a known APT malware set, they developed methods for clustering the malware in order to identify and make sense of the growing heap of it. While they withheld some of the more sensitive information and their work has mostly focused on attacks in Southeast Asia, their content and project are interesting.

They requested that individuals (system administrators, etc.) suspecting APT components on their networks upload the files at to help research them. Visualization of the analysis data and confirmation or denial that the component is APT-related will be provided.

Citrix system administrators should quickly refer to the “Bosses Love Excel, Hackers too” material put forward towards the end of the day by Spanish security researchers and funnymen Chema Alonso and Juan Garrido. They demonstrated reliable attacks on Citrix systems, both default-configured and more locked-down ones. The techniques alarmingly demonstrated how security policies can be evaded at every step of the way while using Excel on Citrix.

Later in the day, Ben Feinstein and Jeff Jarmoc talked about further security issues with cloud computing. In this case, they focused on Amazon cloud services and the Amazon Machine Images (AMIs) used to spin up virtual machines. Their data included the finding that 30% of all open-source-based AMIs being uploaded and publicly shared at Amazon publicly disclose sensitive information. This sensitive information may be SSH keys, identification tokens, bash history files that contain user and host names, and other common ways in which credentials are exposed. Security for the cloud is becoming more overcast.
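The leaks Feinstein and Jarmoc describe are the kind of thing an image builder can catch before publishing. The script below is an added example (not from the talk or this post): it assumes the image's filesystem has been mounted or extracted to a directory and walks that tree, flagging the artifact types named above (private keys, access tokens, shell history, a builder's authorized_keys, and accounts with a password hash still set in /etc/shadow). The sample tree it scans is constructed inline for the demo.

```python
"""Check a mounted image root for leftover credentials before it is shared.

Added example; assumes the image filesystem is mounted/extracted under a
directory. The sample tree built below is constructed demo data only.
"""
import re
import shutil
import tempfile
from pathlib import Path

# File names that commonly carry credentials or usage history on an image
# that was built interactively and published without scrubbing.
SENSITIVE_NAMES = {
    ".bash_history": "shell history (user names, host names, pasted secrets)",
    ".zsh_history": "shell history (user names, host names, pasted secrets)",
    "authorized_keys": "SSH authorized_keys (builder's key keeps access)",
    "credentials": "credentials file (e.g. ~/.aws/credentials)",
}

# Content patterns for key material and tokens, searched in small files only.
CONTENT_PATTERNS = [
    (re.compile(rb"-----BEGIN (?:RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----"),
     "private key block"),
    (re.compile(rb"\bAKIA[0-9A-Z]{16}\b"), "AWS access key id"),
    (re.compile(rb"(?i)aws_secret_access_key\s*=\s*\S+"), "AWS secret access key"),
]
MAX_SNIFF_BYTES = 1_000_000  # keys and tokens are never large; skip big blobs


def shadow_accounts_with_password(data: bytes) -> list:
    """Return account names from an /etc/shadow body whose password field holds a hash."""
    accounts = []
    for line in data.decode("utf-8", "replace").splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue
        pw = fields[1]
        # Empty, '*' and '!'-prefixed fields mean "no usable password".
        if pw and pw != "*" and not pw.startswith("!"):
            accounts.append(fields[0])
    return accounts


def scan_image_root(root) -> dict:
    """Walk a mounted image root; map relative file paths to the reasons they were flagged."""
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*")):
        # Do not follow symlinks: they may point outside the mounted image.
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        reasons = []
        if path.name in SENSITIVE_NAMES:
            reasons.append(SENSITIVE_NAMES[path.name])
        if path.stat().st_size <= MAX_SNIFF_BYTES:
            data = path.read_bytes()
            reasons += [why for pattern, why in CONTENT_PATTERNS if pattern.search(data)]
            if path.name == "shadow":
                reasons += [f"password hash set for account {a}"
                            for a in shadow_accounts_with_password(data)]
        if reasons:
            findings[rel] = reasons
    return findings


def build_sample_image_root() -> Path:
    """Constructed sample tree imitating a carelessly built image (demo data only)."""
    root = Path(tempfile.mkdtemp(prefix="image-root-"))
    files = {
        "root/.ssh/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nMIIEsample\n-----END RSA PRIVATE KEY-----\n",
        "root/.ssh/authorized_keys": "ssh-rsa AAAAB3sample builder@laptop\n",
        "home/ubuntu/.bash_history": "ssh deploy@build-host.example.internal\n",
        "root/.aws/credentials": "[default]\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
                                 "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n",
        "etc/shadow": "root:$6$saltsalt$hashhash:18000:0:99999:7:::\nnobody:*:18000:0:99999:7:::\n",
        "etc/hostname": "ip-10-0-0-1\n",
    }
    for rel, content in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(content)
    return root


def scan_sample() -> dict:
    """Build the sample tree, scan it, and remove it again."""
    root = build_sample_image_root()
    try:
        return scan_image_root(root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for rel, reasons in scan_sample().items():
        print(f"{rel}: {'; '.join(reasons)}")
```

Run it against a real mounted image root instead of the sample by calling `scan_image_root("/mnt/image")`. The name list and patterns are deliberately short; the point is that a published image should come out of this scan empty, and anything it flags (the builder's SSH keys, a cloud credentials file, a root password hash, a shell history naming internal hosts) is exactly what the talk found being shared.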
