Effectively testing APT defences

Friday 2 October 10:00 - 10:30, Green room

Simon PG Edwards (Dennis Technology Labs)
Richard Ford (Florida Institute of Technology)
Gabor Szappanos (Sophos)


This paper examines some of the problems (real and merely perceived) that surround testing APT defence technologies and questions the definition of the term 'APT' in a constructive way. It also walks through an example of a targeted attack and notes where certain types of testing would be deficient when using such an attack as a test case.

In the presentation, we will demonstrate how a 'baseline' set of tests, using unmodified Metasploit-based attacks, made mincemeat of some well-known anti-malware products. One enterprise solution stopped four out of 25 threats. We were able to obtain reverse shells in 21 cases and, just as an experiment, migrated into the anti-malware agent's own process.


Simon PG Edwards

An IT journalist since 1995, Simon Edwards has worked on some of the UK's biggest computer magazine titles. Dennis Publishing publishes titles including Computer Shopper, PC Pro, Computer Active, Web User, Mac User and IT Pro. One of Simon's areas of expertise is anti-malware testing and he is Technical Director of Dennis Technology Labs, an independent security testing business that is part of the Dennis Publishing media company. A founder member of the Anti-Malware Testing Standards Organisation (AMTSO), Simon was chairman of the organisation's Board of Directors until July 2015.

@spgedwards

Richard Ford

Dr. Richard Ford is the Chief Scientist of Raytheon | Websense Labs, and oversees scientific direction and innovation within the labs. He graduated from the University of Oxford in 1992 with a D.Phil. in Quantum Physics. Since that time, he has worked extensively in the area of computer security and malicious mobile code prevention. Previous projects include work on the Computer Virus Immune System at IBM Research and development of the world's largest web hosting system whilst Director of Engineering for Verio. He has also been a University Professor at the Florida Institute of Technology, where he served terms as Director of the Harris Institute and as Head of the University's Computer Science and Cybersecurity Department. In addition to his role at Raytheon | Websense, Ford is a member of the Virus Bulletin advisory board, and co-editor of a column in IEEE Security & Privacy. Ford is a member of CARO, and a past President/CEO of AMTSO, the Anti-Malware Testing Standards Organization. In addition to carrying out research in computer security, Ford is an instrument-rated private pilot, and a three-time winner of the National Flute Association's Big Band Jazz competition.

Gabor Szappanos

Gabor Szappanos graduated from the Eotvos Lorand University of Budapest with a degree in physics. His first job was at the Computer and Automation Research Institute, developing diagnostic software and hardware for nuclear power plants. He started anti-virus work in 1995, and has been developing freeware anti-virus solutions in his spare time. He joined VirusBuster in 2001, where he was responsible for macro viruses and script malware. In 2002 he became the head of the virus lab. Since 2008 he has been a member of the board of directors of AMTSO (the Anti-Malware Testing Standards Organization). In 2012, he joined Sophos as a Principal Malware Researcher.