Topic of Presentation: From being a victim to counter attacking
This talk is an analysis of a common sort of targeted attack performed nowadays against many organizations. As it turns out, publicly available remote administration tools (which we usually call trojans) are frequently used to maintain control over the victim after a successful penetration. The presentation does not focus on particular exploitation techniques used in these attacks. Instead, it aims to get a closer look at one of such trojans. At first, we’ll describe a way to gure out which trojan has been used. Next, we’ll describe in brief the architecture, capabilities and techniques employed by developers of the identied trojan, including mechanisms to hide its presence in the system, and to cover its network trace. The talk presents all the techniques used to perform the analysis, as well as a quick vulnerability analysis has been performed to show that such intruders could also be an object of an attack. . .