Dailydave mailing list archives
Late Friday thoughts on the Kevin Mandia RSAC keynote.
From: Dave Aitel <dave () immunityinc com>
Date: Fri, 21 Mar 2014 17:13:04 -0400
http://www.rsaconference.com/videos/128/state-of-the-hack-one-year-after-the-apt1-report

If 97% of the breaches you find are directly attributable to Chinese hackers (aka, due to keyboard language settings, C2 IP, etc.) then how much are you missing?! Boggles the mind. You're telling me you don't see Russians, French, Americans, Israelis, etc. anywhere in the world? Something seems wrong with that number.

A lot of what people do is look for "Indications of Compromise" that are essentially C2 domains. But realistically you don't need a lot of C2 for an implant. And a nation-state that can "Be any IP in the world", or in fact has any decent SIGINT, can easily find ways to not need domains, to be any domain, or to be every domain. This includes China, for what it's worth.

I see a lot of ads (f.e. from Sourcefire) for Next Gen firewalls. But current gen implants are already able to take on next gen firewalls just fine.

Talk also includes silliness such as the "asymmetric" argument ("Attackers only need to get in once, defenders have to defend everything...") and some sort of weird idea that offensive tools are less well QA'd than defensive tools. (Which is absolutely not true.)

Look, deep down, monitoring is expensive. And if you're trying to scale it up on the cheap, you end up inventing the anti-virus, which we already know is not a bad idea. This is the problem people are trying to solve, and it's still pretty unsolved, imho.

-dave
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave