A critical issue facing internet users today is unwanted software, which is often installed unknowingly on systems by users clicking on deceptive links or bundled with existing software packages. For the large and growing body of infected users, the damage to their experience is dramatic. We believe it’s important for players like Google who participate in all parts of the web ecosystem to help discourage developer practices that are malicious.
Large companies run their business in complex landscapes with multiple systems. Monitoring and detecting, or better still preventing, malicious activity is challenging, especially when an attack involves the penetration of more than one system. One approach is (near) real-time attack monitoring. The main challenges are handling large amounts of data, delivering appropriate content to customers to provide a basic defense, and letting customers browse the data themselves.
When a new report on an advanced adversary is released, how do you search for its indicators of compromise on your network? Using FireEye’s APT 28 report, we’ll explore how four open source tools -- GRR, Plaso, Rekall, and Timesketch -- can be used to find file names and registry keys on hosts across your corporate network.
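As an added example that is not part of the talk or of any of the four tools, the matching step in Python: file-name and registry-key indicators are checked against a constructed, simplified per-host timeline export and grouped by host. The indicator values and the four-column timeline format are placeholders (a real Plaso export has more columns but is read the same way), and none of the values come from the APT 28 report.

```python
import csv
import io
from collections import defaultdict

# Constructed placeholder indicators; a real hunt would take these from the report.
IOC_FILENAMES = {"example_dropper.dll", "example_payload.exe"}
IOC_REGISTRY_KEYS = {r"HKLM\Software\Example\Persist"}

# Constructed, simplified timeline (one event per line) standing in for a
# Plaso/Timesketch export collected from several hosts via GRR.
SAMPLE_TIMELINE = """host,timestamp,source,value
ws-01,2015-01-10T09:12:00Z,FILE,C:\\Windows\\Temp\\Example_Dropper.dll
ws-01,2015-01-10T09:12:05Z,REG,HKLM\\Software\\Example\\Persist
ws-02,2015-01-11T14:03:00Z,FILE,C:\\Users\\alice\\report.docx
ws-03,2015-01-12T08:00:00Z,REG,HKLM\\Software\\Microsoft\\Windows\\Run
srv-01,2015-01-12T11:30:00Z,FILE,D:\\share\\example_payload.exe
"""


def match_iocs(timeline_text, filenames, registry_keys):
    """Return {host: [(timestamp, kind, value), ...]} for every event whose
    file basename or registry key matches an indicator.
    Windows paths and keys are case-insensitive, so compare in lower case."""
    wanted_files = {f.lower() for f in filenames}
    wanted_keys = {k.lower() for k in registry_keys}
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(timeline_text)):
        value = row["value"]
        if row["source"] == "FILE":
            # Match on the basename so the indicator fires regardless of directory.
            basename = value.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if basename in wanted_files:
                hits[row["host"]].append((row["timestamp"], "file", value))
        elif row["source"] == "REG":
            if value.lower() in wanted_keys:
                hits[row["host"]].append((row["timestamp"], "registry", value))
    return dict(hits)


def hosts_by_hit_count(hits):
    """Rank hosts by number of matching events, most hits first, for triage."""
    return sorted(hits, key=lambda h: (-len(hits[h]), h))


if __name__ == "__main__":
    found = match_iocs(SAMPLE_TIMELINE, IOC_FILENAMES, IOC_REGISTRY_KEYS)
    for host in hosts_by_hit_count(found):
        for ts, kind, value in found[host]:
            print(f"{host}\t{ts}\t{kind}\t{value}")
```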
The presentation will go over Intel® Device Protection Technology with Boot Guard, a platform boot integrity protection technology that strengthens the platform boot process by providing a hardware-based root of trust for verification and measurement. We’ll discuss the security problems of legacy boot processes and highlight the growing need for this technology as platforms become more accessible to external vendors.