Technet Spotlight On Demand Video - Alex Smolen, Rudolph Araujo - The Spy Who Hacked Me!

  • Article

This is a joint presentation with Rudolph Araujo, a fellow Developer Security MVP, which will draw on his malware and Visual C/C++ skills and Alex's Web security skills. Consider the following scenario: you work as a developer/IT professional at a company facing increasing competition from a low cost provider in Slobovia. Your company's competitive advantages are based on intellectual property, customer records, and other sensitive proprietary information. What if someone could secretly steal that information? Modern spying is not always James Bond's fancy gadgets and beautiful women. Well, at least not just that! For the modern day Internet hacker, espionage is a constant technological battle being waged against organizations to pillage sensitive data for profit. In this presentation following a corporate espionage story based on real-world incidents, the presenters walks through attack scenarios where a cyber-spy with access to nothing but the corporate Web site exploits Web vulnerabilities to piggy back into the internal network and install malware on critical components. The attackers then use this malware to steal proprietary and sensitive information, as well as launch further attacks against unpatched vulnerabilities on the internal network. The session demonstrates both traditional malware in the form of rootkits, and newer JavaScript-based backdoors and Trojan horses that can stealthily achieve their malicious end. The presenters will discuss and demonstrate the various types of new and innovative exploits that go into making such an attack successful. They will use automated attack frameworks and advanced malware tactics to demonstrate eye opening exploits. The presentation will focus on the complex strategies of modern day Internet attackers-not focused on just 15 minutes of fame by making their compromises public, but on silently stealing information and compromising business in as subtle and covert of a manner as possible.

https://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=990