Disrupting Nation State Hackers - USENIX
DISRUPTING NATION STATE HACKERS
JANUARY 2016
INTRUSION PHASES
• Reconnaissance
• Initial Exploitation
• Establish Persistence
• Install Tools
• Move Laterally
• Collect, Exfil and Exploit
RECONNAISSANCE
Intrusion Phase 1
INITIAL EXPLOITATION
Intrusion Phase 2
ESTABLISH PERSISTENCE
Intrusion Phase 3
INSTALL TOOLS
Intrusion Phase 4
MOVE LATERALLY
Intrusion Phase 5
COLLECT, EXFIL AND EXPLOIT
Intrusion Phase 6
WWW.NSA.GOV
Navigate to:
- Information Assurance
- Mitigation Guidance