Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
50 Shades of Crimeware
Manu Quintans – Frank Ruiz
WHO ARE WE?
Manu Quintans - Threat Intelligence Manager at Buguroo / Deloitte
Frank Ruiz - Intelligence Analyst at Fox IT
And… yes! We hunt malware like a sir.
INDEX
What do we know about Cyber-Crime?
It’s time to get back to reality.
Understand Cyber-Crime activities.
Previously on … 2013
Reality bites
Cyber-Crime Evolutions – 2013-2014
New trends at Cyber-Crime
Examples (We have a Target…)
Infrastructure
Demo Time (Yeah! We have a demo, please release your smartphone and enjoy…)
What do we know about Cyber-Crime?
Brian Krebs Post Life Cycle
WE NEED A DIAGRAM.
It’s time to get back to reality.
Understand Cyber-Crime activities.
LAYER#1: The Undercoat (Just for Kiddies)
HackForums
Exploit.IN
Antichat.RU
Damagelabs
DarkCode
Indetectables
LAYER#2: The Limbo (PSEUDO-PRO)
CPRO.SU
Pustota
Verified.msx
Infraud.su
LAYER#3: Heaven’s door (Gang’stah!-PRO)
LAYER#4: Private (Family, семья)
ZeusP2P
CryptoLocker
Sinowall
Gozi
VIDEO HISTORY
Previously on … 2013
First year without new Banking Trojans (except KINS, aka Kasper).
Symlink arrested (JANUARY)
Paunch arrested (BlackHole Exploit Kit) (OCTOBER)
FBI shuts down Silk Road and arrests Ross William Ulbricht (OCTOBER)
Target Breach :-) (NOVEMBER/DECEMBER)
FBI, with Spanish Police cooperation, takes down Liberty Reserve and arrests its CEO (MAY 2013)
Previously on … 2013 / 2014
It has been a special year in the evolution of the cybercrime industry:
The feeling of impunity begins to disappear.
Mid-level groups begin to close and professionalize their assets.
Ironically, the vetted gangs start to show some gaps.
These changes are due to:
Arrests.
Proliferation of bloggers / Twitter accounts 'investigating' the cybercrime scene. (Pr0n stars)
Insider researchers.
Leaks (pasties, services…)
Conclusions:
The “industry” of Cyber-Crime is now more closed than ever.
New trends at Cyber-Crime
We found new trends in the Cyber-Crime industry, like:
POS MALWARE (POINT OF SALE) SYSTEM
NEW MOBILE MALWARE (E.G. TOR BASED)
CRYPTOCURRENCIES
POS (POINT OF SALE), but why?
The lack of a Banking Trojan for sale and the large increase in demand for cards has moved many players in this business.
Citadel users move their business to this new system.
The offer of POS malware for sale grows.
POS (POINT OF SALE): what did we find on the underground market?
The Beauty, the Bad and the Ugly:
Alina Malware
Dexter Malware
BlackPos Malware
POS (POINT OF SALE), and services? Of course!
JackPos
Mobile Malware
Increase of injections with support for mobile malware.
Mobile malware for sale:
iBanking (as a Service).
Perkele
Uses new resources like TOR.
CryptoCurrencies
[Chart: TOTAL HASH RATE and 24H HASH RATE]
Let’s see some real examples of the new trends.
Example
Timeline (Brian Krebs):
18/Dec/2013: Sources: Target Investigating Data Breach
20/Dec/2013: Cards Stolen in Target Breach Flood Underground Markets
22/Dec/2013: Non-US Cards Used At Target Fetch Premium
24/Dec/2013: Who’s Selling Credit Cards from Target?
10/Jan/2014: Target: Names, Emails, Phone Numbers on Up To 70 Million Customers Stolen
15/Jan/2014: A First Look at the Target Intrusion, Malware
16/Jan/2014: A Closer Look at the Target Malware, Part II
29/Jan/2014: New Clues in the Target Breach
04/Feb/2014: These Guys Battled BlackPOS at a Retailer
05/Feb/2014: Target Hackers Broke in Via HVAC Company
12/Feb/2014: Email Attack on Vendor Set Up Breach at Target
19/Feb/2014: Fire Sale on Cards Stolen in Target Breach
25/Feb/2014: Card Backlog Extends Pain from Target Breach
Intelligence
Cyber-Criminals’ Infrastructure
Infrastructure: Simple
[Diagram labels: BOTNET, INTERNET]
Infrastructure: Proxy
[Diagram labels: BOTNET, INTERNET, VICTIMS, PROXY]
Infrastructure: Double Proxy
[Diagram labels: BOTNET, INTERNET, VICTIMS, PROXY-1, PROXY-2]
Infrastructure: Fastflux + C&C
[Diagram labels: FAST FLUX, BOTNET, FASTFLUX, VICTIM; flows: HTTP GET, RESPONSE CONTENT, GET REDIRECT, RESPONSE CONTENT]
Infrastructure: Fastflux + PROXY + C&C
[Diagram labels: same as the Fastflux + C&C slide]
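The fast-flux fronting sketched in the two diagrams above leaves a DNS footprint a defender can measure: answers with very short TTLs, many distinct A records for one name over a short window, and those addresses scattered across unrelated networks and ASNs rather than one hosting block. The following is an added detection example written for this page, not code from the talk or its authors. The passive-DNS records are constructed, the addresses come from documentation (TEST-NET) and shared-address-space ranges, and the thresholds (300 s TTL, 6 IPs, 3 ASNs, 4 /16 prefixes, flag at 3 indicators) are hand-picked assumptions, not values from the deck.

```python
"""Fast-flux indicator scoring over passive-DNS style records.

Added example for this page (not code from the RootedCON talk). The records,
address ranges and thresholds below are constructed for illustration.
"""
from __future__ import annotations

import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsRecord:
    """One observed A-record answer, as a passive-DNS feed would log it."""
    ts: int    # observation time, epoch seconds
    name: str  # queried domain
    ip: str    # A-record answer
    ttl: int   # answer TTL in seconds
    asn: int   # origin ASN of the answer (feed annotation)


# Thresholds are assumptions chosen for this example, not values from the talk.
LOW_TTL_S = 300        # flux agents are rotated with very short TTLs
MANY_IPS = 6           # distinct A records seen for one name
MANY_ASNS = 3          # distinct origin ASNs behind those records
MANY_NETS = 4          # distinct /16 prefixes behind those records
FLUX_THRESHOLD = 3     # indicators needed to flag a name


def flux_features(records: list[DnsRecord]) -> dict[str, dict[str, int]]:
    """Aggregate per-name features: distinct IPs, /16 prefixes, ASNs and lowest TTL."""
    grouped: dict[str, list[DnsRecord]] = defaultdict(list)
    for rec in records:
        grouped[rec.name].append(rec)
    features: dict[str, dict[str, int]] = {}
    for name, recs in grouped.items():
        ips = {r.ip for r in recs}
        # Flux agents are compromised hosts scattered across unrelated networks;
        # a hosting block or CDN pool stays within a few prefixes and ASNs.
        nets = {ipaddress.ip_network(f"{ip}/16", strict=False) for ip in ips}
        features[name] = {
            "unique_ips": len(ips),
            "unique_nets": len(nets),
            "unique_asns": len({r.asn for r in recs}),
            "min_ttl": min(r.ttl for r in recs),
        }
    return features


def flux_score(feat: dict[str, int]) -> int:
    """One point per indicator. ASN and prefix diversity separate flux from a CDN."""
    indicators = (
        feat["min_ttl"] <= LOW_TTL_S,
        feat["unique_ips"] >= MANY_IPS,
        feat["unique_asns"] >= MANY_ASNS,
        feat["unique_nets"] >= MANY_NETS,
    )
    return sum(int(hit) for hit in indicators)


def classify(records: list[DnsRecord]) -> dict[str, tuple[int, bool]]:
    """Map each queried name to (score, flagged_as_fast_flux)."""
    result: dict[str, tuple[int, bool]] = {}
    for name, feat in flux_features(records).items():
        score = flux_score(feat)
        result[name] = (score, score >= FLUX_THRESHOLD)
    return result


def _observations(name: str, ttl: int, answers: list[tuple[str, int]]) -> list[DnsRecord]:
    """Constructed helper: one answer observed per TTL interval."""
    return [DnsRecord(i * ttl, name, ip, ttl, asn) for i, (ip, asn) in enumerate(answers)]


# Constructed sample feed. Names are hypothetical; addresses are documentation
# (TEST-NET) and shared-address-space ranges, so none point at real hosts.
SAMPLE_RECORDS = (
    # Flux-fronted C&C name: six agents in five unrelated /16s and five ASNs, TTL 180 s.
    _observations("update-check.example", 180, [
        ("203.0.113.10", 64500), ("198.51.100.77", 64501), ("192.0.2.45", 64502),
        ("100.64.12.9", 64503), ("100.65.3.120", 64504), ("198.51.100.200", 64501),
    ])
    # CDN-like name: also low TTL and many IPs, but one prefix and one ASN.
    + _observations("static.cdn.example", 60, [
        ("192.0.2.10", 64510), ("192.0.2.11", 64510), ("192.0.2.12", 64510),
        ("192.0.2.13", 64510), ("192.0.2.14", 64510), ("192.0.2.15", 64510),
    ])
    # Ordinary single-host site with a day-long TTL.
    + _observations("www.example", 86400, [("203.0.113.5", 64520)])
)


if __name__ == "__main__":
    for name, (score, flagged) in classify(SAMPLE_RECORDS).items():
        print(f"{name:22} score={score}  fast-flux={'yes' if flagged else 'no'}")
```

The CDN-like sample is there to show the false positive that TTL and IP count alone would produce: a legitimate CDN also rotates many low-TTL addresses, but within one ASN and prefix, so the diversity indicators keep it under the threshold. In practice the thresholds would be calibrated against the organisation's own resolver logs, and a hit would be a lead for the analyst rather than a verdict.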
Infrastructure: BP HOSTERS
[Diagram labels: BP HOSTER, INTERNET, VICTIMS, Backend Server]
Infrastructure: OWN Infrastructures
[Diagram labels: INTERNET, IPIP Tunnel, OpenVPN Server, VPN Client, Backend Server (x5), VICTIMS]
Infrastructure: P2P
[Diagram labels: INTERNET, P2P Network, Web Panel, Backup Server, VICTIMS]
Infrastructure: TOR
[Diagram labels: INTERNET, Web Panel, TOR Network, VICTIMS]
Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_
Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_
 
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...
 
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...
 
Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...
Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...
Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...
 
Rooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguer
Rooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguerRooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguer
Rooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguer
 
rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...
rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...
rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...
 
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemy
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemyRooted2020 stefano maccaglia--_the_enemy_of_my_enemy
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemy
 
Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...
Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...
Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...
 
Rooted2020 virtual pwned-network_-_manel_molina
Rooted2020 virtual pwned-network_-_manel_molinaRooted2020 virtual pwned-network_-_manel_molina
Rooted2020 virtual pwned-network_-_manel_molina
 
Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...
Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...
Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...
 
Rooted2020 todo a-siem_-_marta_lopez
Rooted2020 todo a-siem_-_marta_lopezRooted2020 todo a-siem_-_marta_lopez
Rooted2020 todo a-siem_-_marta_lopez
 
Rooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valero
Rooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valeroRooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valero
Rooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valero
 
Rooted2020 live coding--_jesus_jara
Rooted2020 live coding--_jesus_jaraRooted2020 live coding--_jesus_jara
Rooted2020 live coding--_jesus_jara
 
Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...
Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...
Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...
 
Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...
Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...
Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...
 
Rooted2020 evading deep-learning_malware_detectors_-_javier_yuste
Rooted2020 evading deep-learning_malware_detectors_-_javier_yusteRooted2020 evading deep-learning_malware_detectors_-_javier_yuste
Rooted2020 evading deep-learning_malware_detectors_-_javier_yuste
 
Rooted2020 encontrando 0days-en_2020_-_antonio_morales
Rooted2020 encontrando 0days-en_2020_-_antonio_moralesRooted2020 encontrando 0days-en_2020_-_antonio_morales
Rooted2020 encontrando 0days-en_2020_-_antonio_morales
 

Último

Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 

Último (20)

Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 

Manu Quintans & Frank Ruiz – 50 shades of crimeware [Rooted CON 2014]

  • 1. Rooted CON 2014, 6-7-8 Marzo // 6-7-8 March. 50 Shades of Crimeware. Manu Quintans – Frank Ruiz
  • 2. WHO WE ARE? Manu Quintans - Threat Intelligence Manager at Buguroo / Deloitte. Frank Ruiz - Intelligence Analyst at Fox IT. And… yes!, we hunt malware like a sir.
  • 3. INDEX: What we know about Cyber-Crime? It's time to get back to reality. Understand Cyber-Crime activities. Previously on… 2013. Reality bites. Cyber-Crime evolutions – 2013-2014. New trends at Cyber-Crime. Examples (We have a Target…). Infrastructure. Demo time (Yeah! We have a demo, please release your smartphone and enjoy…)
  • 4.–8. What we know about Cyber-Crime? (image slides)
  • 9. What we know about Cyber-Crime? Brian Krebs post life cycle. WE NEED DIAGRAM.
  • 10.–13. It's time to get back to reality. (image slides)
  • 14. Understand Cyber-Crime activities.
  • 15. Understand Cyber-Crime activities. LAYER#1 – The Undercoat (Just for Kiddies): HackForums, Exploit.IN, Antichat.RU, Damagelabs, DarkCode, Indetectables.
  • 16.–19. Understand Cyber-Crime activities. THE UNDERCOAT (screenshot slides)
  • 20. Understand Cyber-Crime activities. LAYER#2 – The Limbo (PSEUDO-PRO): CPRO.SU, Pustota, Verified.msx x, Infraud.su.
  • 21.–22. Understand Cyber-Crime activities. (image slides)
  • 23. Understand Cyber-Crime activities. LAYER#3 – Heaven's door (Gang'stah!-PRO).
  • 24.–25. Understand Cyber-Crime activities. (image slides)
  • 26. Understand Cyber-Crime activities. LAYER#4 – Private семья (family): ZeusP2P, CryptoLocker, Sinowall x, Gozi.
  • 27. VIDEO HISTORY
  • 28. Understand Cyber-Crime activities (summary). The Undercoat (Just for Kiddies): HackForums, Exploit.IN, Antichat.RU, Damagelabs, DarkCode, Indetectables. The Limbo (PSEUDO-PRO): CPRO.SU, Pustota, Verified.msx, Infraud.su x. Heaven's door (Gang'stah!-PRO). Private семья (family): ZeusP2P, CryptoLocker, Sinowall x, Gozi.
  • 29. Previously on… 2013
  • 30. Previously on… 2013. First year without new banking Trojans (except KINS aka Kasper). Symlink arrested (January). Paunch arrested (BlackHole Exploit Kit) (October). FBI shut down Silk Road and arrested Ross William Ulbricht (October). Target breach :-) (November/December). FBI, with Spanish Police cooperation, takes down Liberty Reserve and arrests its CEO (May 2013).
  • 31. Previously on… 2013 / 2014. It has been a special year in the evolution of the cybercrime industry: The feeling of impunity begins to disappear. Mid-level groups begin to close and professionalize their assets. Ironically, the vetted gangs start to show some gaps.
  • 32. Previously on… 2013 / 2014. These changes are due to: Arrests. Proliferation of bloggers / tweeters 'investigating' the cybercrime scene. (Pr0n stars) Insider researchers. Leaks (pasties, services…)
  • 33. Previously on… 2013 / 2014. Conclusions: The "industry" of Cyber-Crime is now more closed than ever.
  • 34. New trends at Cyber-Crime
  • 35. New trends at Cyber-Crime. We found new trends in the Cyber-Crime industry, like…: POS MALWARE (POINT OF SALE) SYSTEMS. NEW MOBILE MALWARE (E.G. TOR BASED). CRYPTOCURRENCIES.
  • 36. New trends at Cyber-Crime. POS (POINT OF SALE), but why? The lack of a banking Trojan for sale and the large increase in demand for cards has moved many players in this business. Citadel users move their business to this new system. The offer of POS malware for sale grows.
  • 37. New trends at Cyber-Crime. POS (POINT OF SALE), what we found on the underground market? The beauty, the bad and the ugly: Alina malware, Dexter malware, BlackPOS malware.
  • 38. New trends at Cyber-Crime. POS (POINT OF SALE), and services? Of course! JackPos.
  • 39. New trends at Cyber-Crime. Mobile malware: Increase of injections with support for mobile malware. Mobile malware for sale: iBanking (as a service), Perkele. Uses new resources like TOR.
  • 40. New trends at Cyber-Crime. Mobile malware: iBanking
  • 41. New trends at Cyber-Crime. Mobile malware: Perkele
  • 42.–44. New trends at Cyber-Crime. CryptoCurrencies (image slides)
  • 45. New trends at Cyber-Crime. CryptoCurrencies (charts: TOTAL HASH RATE, 24H HASH RATE)
  • 46. Let's see some real examples of the new trends.
  • 47. Example
  • 48. Example. Timeline (Brian Krebs): 18/Dec/2013: Sources: Target Investigating Data Breach; 20/Dec/2013: Cards Stolen in Target Breach Flood Underground Markets; 22/Dec/2013: Non-US Cards Used At Target Fetch Premium; 24/Dec/2013: Who's Selling Credit Cards from Target?; 10/Jan/2014: Target: Names, Emails, Phone Numbers on Up To 70 Million Customers Stolen; 15/Jan/2014: A First Look at the Target Intrusion, Malware; 16/Jan/2014: A Closer Look at the Target Malware, Part II; 29/Jan/2014: New Clues in the Target Breach; 04/Feb/2014: These Guys Battled BlackPOS at a Retailer; 05/Feb/2014: Target Hackers Broke in Via HVAC Company; 12/Feb/2014: Email Attack on Vendor Set Up Breach at Target; 19/Feb/2014: Fire Sale on Cards Stolen in Target Breach; 25/Feb/2014: Card Backlog Extends Pain from Target Breach.
  • 49.–50. Example (image slides)
  • 51.–53. Intelligence (image slides)
  • 54. Cyber-Criminals Infrastructure
  • 55. Infrastructure – Simple (diagram): BOTNET – INTERNET
  • 56. Infrastructure – Proxy (diagram): BOTNET – INTERNET – PROXY – VICTIMS
  • 57. Infrastructure – Double Proxy (diagram): BOTNET – INTERNET – PROXY-1 – PROXY-2 – VICTIMS
  • 58. Infrastructure – Fastflux + C&C (diagram): FAST FLUX BOTNET – FASTFLUX – VICTIM. Flow: HTTP GET → RESPONSE CONTENT; GET → REDIRECT → RESPONSE CONTENT
  • 59. Infrastructure – Fastflux + PROXY + C&C (diagram): FAST FLUX BOTNET – FASTFLUX – VICTIM. Flow: HTTP GET → RESPONSE CONTENT; GET → REDIRECT → RESPONSE CONTENT
  • 60. Infrastructure – BP HOSTERS (diagram): BP HOSTER – INTERNET – VICTIMS – Backend Server
  • 61. Infrastructure – OWN Infrastructures (diagram): INTERNET – IPIP Tunnel – OpenVPN Server – VPN Client – Backend Servers (x5) – VICTIMS
  • 62. Infrastructure – P2P (diagram): INTERNET – P2P Network – Web Panel – Backup Server – VICTIMS
  • 63. Infrastructure – TOR (diagram): INTERNET – Web Panel – TOR Network – VICTIMS
  • 64.–65. (closing slides, no text)
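The fast-flux fronts in slides 58-59 rotate one hostname across many compromised hosts with very short TTLs, and that pattern is visible from the defender's side in resolver or passive-DNS logs alone. The following is an added Python example, not code from the talk: the log lines are constructed, the thresholds are assumptions, and network diversity is measured as distinct /24 prefixes.

```python
"""Fast-flux C&C front detection over resolver logs.

Added example for slides 58-59 (Fastflux + C&C); it is not part of the
original deck. A fast-flux front rotates one hostname across many
compromised hosts with very short TTLs, so a defender can flag the
hostname from resolver logs without touching the backend. All log lines
below are constructed samples using RFC 5737 documentation addresses.
"""
from dataclasses import dataclass
import ipaddress

# Constructed resolver log: "<epoch> <qname> <rtype> <rdata> <ttl>".
# cdn-sync.example behaves like a flux front (many IPs, many /24s,
# tiny TTLs); update.example and www.example look like ordinary hosts.
SAMPLE_LOG = """\
1393977600 update.example A 203.0.113.10 3600
1393977601 cdn-sync.example A 198.51.100.12 60
1393977605 cdn-sync.example A 192.0.2.77 60
1393977610 cdn-sync.example A 198.51.100.9 30
1393977615 cdn-sync.example A 203.0.113.201 30
1393977620 cdn-sync.example A 192.0.2.140 45
1393977625 cdn-sync.example A 203.0.113.250 60
1393977630 update.example A 203.0.113.10 3600
1393977640 www.example A 203.0.113.30 300
1393977700 www.example A 203.0.113.31 300
1393977710 mail.example MX mx.example 3600
"""


@dataclass
class Resolution:
    ts: int
    qname: str
    ip: ipaddress.IPv4Address
    ttl: int


@dataclass
class FluxScore:
    domain: str
    unique_ips: int
    unique_nets: int   # distinct /24 prefixes seen for the name
    min_ttl: int
    flux: bool


def parse_records(lines):
    """Parse resolver log lines into A-record Resolutions.

    Non-A records and malformed lines are skipped rather than aborting
    the run; real logs always contain some noise.
    """
    out = []
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or parts[2] != "A":
            continue
        try:
            out.append(Resolution(int(parts[0]), parts[1].lower(),
                                  ipaddress.IPv4Address(parts[3]),
                                  int(parts[4])))
        except ValueError:
            continue
    return out


def score_domain(records, domain, ip_threshold=5, net_threshold=3,
                 ttl_threshold=300):
    """Score one hostname. The thresholds are assumptions for this example.

    Network diversity (distinct /24s) is what separates a flux front from
    a legitimate CDN, which also rotates IPs but within a few ranges.
    """
    ips, nets, min_ttl = set(), set(), None
    for r in records:
        if r.qname != domain:
            continue
        ips.add(r.ip)
        nets.add(ipaddress.ip_network(f"{r.ip}/24", strict=False))
        min_ttl = r.ttl if min_ttl is None else min(min_ttl, r.ttl)
    if min_ttl is None:
        raise KeyError(f"no A records for {domain}")
    flux = (len(ips) >= ip_threshold and len(nets) >= net_threshold
            and min_ttl <= ttl_threshold)
    return FluxScore(domain, len(ips), len(nets), min_ttl, flux)


def find_flux_domains(records, **thresholds):
    """Score every hostname in the log, flux candidates first."""
    names = sorted({r.qname for r in records})
    scores = [score_domain(records, n, **thresholds) for n in names]
    return sorted(scores, key=lambda s: (not s.flux, -s.unique_nets))


if __name__ == "__main__":
    for s in find_flux_domains(parse_records(SAMPLE_LOG.splitlines())):
        flag = "FLUX?" if s.flux else "ok"
        print(f"{s.domain:20} ips={s.unique_ips} nets={s.unique_nets} "
              f"min_ttl={s.min_ttl:<5} {flag}")
```

A flagged name is a lead for pivoting in the rest of the resolver data (which clients asked for it, and when), not a verdict on its own.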

Editor's notes

  1. Alina Vacariu, Dexter Morgan, Sergey Taraspov