Asia-24-Chen-Chinese-APT.pdf

《Asia-24-Chen-Chinese-APT.pdf》由会员分享，可在线阅读，更多相关《Asia-24-Chen-Chinese-APT.pdf（32页珍藏版）》请在三个皮匠报告上搜索。

1、#BHASIA BlackHatEventsChinese APT:A Master of Exploiting Edge DevicesCharles LiGreg Chen#BHASIA BlackHatEventsAgendanExploit Target ChangednCase Study of Weaponized Edge Device nMalware implanted in Edge DevicenMitigation&Response#BHASIA BlackHatEventsExploit Target Changed#BHASIA BlackHatEventsGood

2、 old days of spear phishing emails#BHASIA BlackHatEventsDocument exploitation were good exploit targets for spear phishing attack.Good old days of spear phishing emailsCVE-2011-0611CVE-2008-5353CVE-2009-3867CVE-2009-0556CVE-2009-3129CVE-2009-4324CVE-2009-0927CVE-2010-0188CVE-2022-30190CVE-2018-0802C

3、VE-2018-0798CVE-2017-11882CVE-2012-0158CVE-2010-3333CVE-2010-288320082009201020112012201720182022Adobe sandboxed PDF and flash playerVista SP1 with full memory protections(ASLR,DEP)2013EDR emerged#BHASIA BlackHatEventsExploitation for Edge Device Raises1/2Edge device:An endpoint on the network,the i

4、nterface between the data center and the real world.It collects or communicates information.Edge device has become the important targets for Chinese actors as an initial compromise entry After advent of COVID19,work-from-Home becomes the trend,and it requires more edge devices to access Enterprise n

5、etwork.#BHASIA BlackHatEventsExploitation for Edge Device Raises2/2APT31Volt TyphoonBlack TechChinese APT#BHASIA BlackHatEventsThe good for attack,the bad for defense1/2Mostly close platforms,few attentions from CSIRT teamNo Antivirus or EDR(Endpoint Detection and Response)Difficult for Incident Res

6、ponseUnpatched 3-party vulnerable componentPerl XLS parse library vuln.(CVE-2023-7101)in Barracuda ESGNo modern exploit mitigationCitrix ADC/NetScaler(FreeBSD 11.4)without ASLRCVE-2023-3519:Stack Overflow#BHASIA BlackHatEventsThe good for attack,the bad for defense2/2Difficult to Patch!Service may b