In this video from t2’15Artturi Lehtiö peers inside over 7 years of state sponsored malware operations. The presentation covers themes such as less glamorous side of APT research, tools and approaches, in addition to the challenges related to publishing this type of information.
Those into offensive work can view the video as training material for improving tradecraft.
For additional information on the subject, here are the links for the whitepapers mentioned during the talk.
A great way to steal someone’s secrets is often just listening carefully enough. At t2’15 Lev Pachmanov, Daniel Genkin, Itamar Pipman and Eran Tromer from Tel Aviv University demonstrated in practice how sensitive information can be pilfered with a sausage (or a Pita bread, if you’re vegetarian). In all seriousness, this has to be one of the funniest publicly delivered presentations on gathering electromagnetic emanations.
Whether you are into emission security or collecting signals intelligence, we’re sure you will enjoy this talk.
We’re continuing with the theme of securing international travel by releasing Andrea Barisani‘s Forging the USB Armory talk from t2’15.
Those enjoying international travel and/or operational situations, the dual-use capabilities of the platform might be something of interest. From safe USB charger, encrypted file storage and automated self-destruct, password manager, TOR access point to portable offensive toolkit, the opportunities are endless. Even if open source hardware design is outside your comfort zone, the video gives you a good glimpse into solving hard problems and the capabilities of USB Armory.
Again, as with all our curated releases, this is a must see – enjoy!
International travel can be difficult, and for a security conscious person especially so.
In this video from t2’15Georg Wicherski demonstrates a way of solving many problems related to carrying a personal computing device with you. For a person crossing borders on a regular basis or otherwise in need of heightened security for their laptop, this is a must see. Enjoy!
Do note that this has been actually implemented in practice instead of being just intellectual mastu^H^H^H a mental exercise. For more details about the setup, refer to the GitHub repository. The setup has been since updated to support TPM remote attestation.
Those in the business of securing enterprises and organizations should definitely watch OlleB‘s presentation from t2’15. Moving from point-in-time <insert-product-name-here> scans to a more structured approach using graphs, attack models, understanding and eradicating vulnerability classes or using safety/assurance cases is a long-term security investment.
Taking your defensive game to the next level requires trying out new approaches to old problems and sometimes challenging the conventional wisdom. This video should give you food for thought – it’s one of our favorites!