Attacker Behaviour Analysis Based on Attack Vector Analysis

Lab Details

Date: 16th August 2023. 0900H
Venue: Room 304, Level 3, KLCC Convention Centre

Lab Technical Difficulty Level: Intermediate

Price

Early Bird: USD 999.00 (Use Code: SS2023CLEB. Ends 30th June, 2359H)
Normal: USD 1,199.00

Course Outline

In this lab, we will analyze the techniques used by APT groups based in a specific country (APT37, APT38) to infect PCs with malicious code, and the techniques they use to compromise web servers for use as C&C (Command & Control) servers. We will then learn how to find and analyze the artifacts and evidence on the attacked PC and server that prove the malicious behavior of such an APT group. Finally, we will draw up a timeline of the APT attack vector and TTPs (Tactics, Techniques, Procedures) based on the artifacts and evidence recovered from the PC and server.

1. Typical techniques for attacking (infecting with malware) a PC
– Spear-phishing email: malicious documents exploiting MS Office and PDF vulnerabilities
– Watering-hole attack: malicious scripts exploiting web browser vulnerabilities
– Types of final payload (main malware) and the infection procedure

2. How to analyze an attacked (malware-infected) PC
– General procedure for accurate analysis
– Artifacts that must be extracted to analyze the attacker's malicious behavior
– Reconstructing the attacker's malicious behavior from artifact analysis

3. Typical techniques for attacking a web server (building a C&C server)
– Attack techniques to obtain a shell for executing system commands
– Follow-on attack techniques to build the C&C server
– Building the C&C server and backdoor (rootkit)

4. How to analyze a hacked web server
– General procedure for accurate analysis
– Artifacts that must be extracted to analyze the attacker's malicious behavior
– Reconstructing the attacker's malicious behavior from artifact analysis

5. Drawing up a timeline of the APT attack vector and TTPs

What to expect?

You will acquire techniques for analyzing the malicious behavior of attackers on PCs and servers:

1. How to extract malware from an infected PC
2. How to find out how the PC became infected with malware
3. How to analyze malware
4. How to find traces of an attacker on a hacked server
5. How to analyze the various logs of the server
6. How to identify and define the attacker's hacking techniques
7. How to write a timeline of the attacker's behavior
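Steps 4, 5 and 7 above come down to one recurring task: pulling timestamps out of artifacts that use different formats and clocks, normalizing them to UTC, and merging them into a single ordered timeline. The script below is an added illustration of that step and is not course material; every log line and artifact record in it is a constructed sample, the host names (web01, PC-01), the UTC+9 local time zone and the "PHP file served from the upload directory" webshell heuristic are assumptions made for the example.

```python
"""Merge artifacts from an infected PC and a hacked web server into one UTC timeline.

Added example for this course page; it is not course material. All log lines
and artifact records below are constructed samples, not data from a real case.
"""
import re
from datetime import datetime, timedelta, timezone

# Assumption: the lab hosts keep local time in UTC+9 (KST); adjust if not.
KST = timezone(timedelta(hours=9))

# --- constructed sample artifacts ------------------------------------------
ACCESS_LOG = [  # Apache combined format; each timestamp carries its own UTC offset
    '203.0.113.7 - - [16/Aug/2023:09:12:41 +0900] "POST /upload.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [16/Aug/2023:09:13:05 +0900] "GET /uploads/img.php?cmd=id HTTP/1.1" 200 87 "-" "Mozilla/5.0"',
]
AUTH_LOG = [  # classic syslog format: no year and no offset, i.e. server local time
    "Aug 16 09:15:30 web01 sshd[2211]: Accepted password for www-data from 203.0.113.7 port 51022 ssh2",
]
PC_ARTIFACTS = [  # already exported as ISO-8601 UTC, e.g. the CSV output of a Prefetch parser
    ("2023-08-16T00:05:10Z", "PC-01", "prefetch", "WINWORD.EXE run (invoice.docx opened)"),
    ("2023-08-16T00:05:42Z", "PC-01", "prefetch", "first run of %APPDATA%\\svc.exe"),
]

ACCESS_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
SYSLOG_RE = re.compile(r'^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$')
# Heuristic (assumption): a .php script served from the upload directory is a webshell candidate.
WEBSHELL_RE = re.compile(r'^(?:GET|POST) /uploads/\S*\.php(?:\?|\s)')


def parse_access(line, host="web01"):
    """Apache access-log line -> (utc_ts, host, source, detail); None if unparsable."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    # %z consumes the "+0900" in the log itself, so no clock assumption is needed here
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    tag = " [WEBSHELL?]" if WEBSHELL_RE.match(m["req"]) else ""
    return (ts, host, "access_log", f'{m["ip"]} "{m["req"]}" {m["status"]}{tag}')


def parse_syslog(line, year=2023, tz=KST):
    """Syslog line -> event tuple. Year and zone are absent from the line and must be supplied."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    naive = datetime.strptime(f'{year} {m["ts"]}', "%Y %b %d %H:%M:%S")
    return (naive.replace(tzinfo=tz).astimezone(timezone.utc), m["host"], "auth_log", m["msg"])


def parse_pc(rec):
    """Exported PC artifact (ISO-8601 'Z' timestamp) -> event tuple."""
    ts_str, host, source, detail = rec
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return (ts, host, source, detail)


def build_timeline(access=ACCESS_LOG, auth=AUTH_LOG, pc=PC_ARTIFACTS):
    """Parse every source, drop unparsable lines, and return events sorted by UTC time."""
    events = [e for e in map(parse_access, access) if e]
    events += [e for e in map(parse_syslog, auth) if e]
    events += [parse_pc(r) for r in pc]
    return sorted(events, key=lambda e: e[0])


def webshell_hits(timeline):
    """Events the heuristic flagged as possible webshell use."""
    return [e for e in timeline if "[WEBSHELL?]" in e[3]]


def render(timeline):
    """One fixed-width text line per event, ready to paste into a report."""
    return [f'{e[0].strftime("%Y-%m-%dT%H:%M:%SZ")}  {e[1]:<6} {e[2]:<10} {e[3]}' for e in timeline]


if __name__ == "__main__":
    print("\n".join(render(build_timeline())))
```

The access log is the only source that records its own offset; the syslog and the exported PC artifacts rely on values the analyst supplies (year, zone), which is exactly where a timeline goes wrong when a server clock is not what you assumed. Checking one known event (the SSH login here) against the web access log is a quick way to confirm the assumed zone before trusting the merged order.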

Prerequisites

Anyone with general knowledge of operating systems and networking can take this lab.
We will provide a detailed lecture book (PDF), so you can continue studying on your own after the lab is over.

What to bring?

Experience with the basic commands of the Windows and Linux operating systems is sufficient. Everything needed for this lab, including tools, will be provided.

Trainer Profile

Park Moonbeom

Moonbeom works at a government agency in the incident response sector as a general researcher and has 15 years of experience in hacking analysis, digital forensics, hacking research and tracking the source of attacks. He is one of the recognized experts across government and the private sector in forensics, hacking analysis, hacker profiling and counter-attack against hackers, and is also a mentor in Korea's next-generation security leader training program 'Best of the Best' (a.k.a. BoB).

He tracks APT groups by the attack techniques and attack vectors used by APT groups based in specific countries, and researches the profiling of specific APT groups based on their TTPs. He has presented his findings at conferences such as FIRST, HITB, HITCON, TROOPERS and SCSD.

He is currently also serving as a special professor at a university in Seoul, Korea, through the end of this year.

Lab session will be assisted by:

Sangsoo Jeong
Position: Researcher
Lab Role: Demonstration of malware analysis and infected PC analysis.
