By Ed Skoudis
Last week, I had the honor of presenting at the RSA conference in a session with Dr. Johannes Ullrich and Alan Paller. We presented on six major attack vectors, a theme we have revisited each year for the past 6 or so years, as we watch the bad guys' tactics evolve. I base my analysis on what I'm seeing in the breach cases I work on, while Dr. J gets his data from the activities of the Internet Storm Center.
In the RSA session, Dr. J and I each talk for 15 minutes to set the tone of the conversation and explore some issues, and then we open it up for questions and answers from the audience, panel style. Our slides are available here.
Darren Pauli from SC Magazine wrote up a fantastic summary of the session here. He really pulled out the most important points and explained them well.
My section of the talk focused on DNS as a malware command-and-control channel in recent large-scale breach cases, SSL getting slapped again and again, and emerging mobile device attacks to establish a beachhead inside an enterprise. That first topic, the DNS command-and-control channel, got some notice from the press, as did my mention of the upcoming CertGuard tool from Tom Liston, the Internet Storm Center, and InGuardians. CertGuard is slated for free release later this spring. In the SC Magazine photo included with the article on DNS command and control (included below), I look like I'm about to eat a puppy.
I was really happy with the way the session turned out, and I'm hoping we'll get a chance to do it all again next year!