OUR RESEARCH

Our Papers

Command and Control in the Fifth Domain

February 2012

This paper presents the findings of an extensive investigation into command and control infrastructure used by an Advanced Persistent Threat. Findings include technical details of malicious software, and associated command and control protocols. These findings are drawn upon to identify modus operandi and demonstrate links between a number of major targeted attacks including the recent Sykipot attacks, the July 2011 SK Communications hack, the March 2011 RSA breach, and the series of coordinated cyber attacks dubbed NightDragon.

View/Download

SHA1: f8b1d371008a2108bb7ded054b7b0b7cdc4d5295

SK Hack by an Advanced Persistent Threat

September 2011

This document summarises the July 2011 intrusion into SK Communications which culminated in the theft of the personal information of up to 35 million people. It describes the use of a trojaned software update to gain access to the target network, in effect turning a security practice into a vulnerability. It also describes the use of a legitimate company to host tools used in the intrusion. Links between this intrusion and other malicious activity are identified and valuable insights are provided for network defenders. Technical details of malicious software and infrastructure are also provided.

View/Download

SHA1: 2b98220caf158d1c4f6d72abbc379899e35edc4d

Advanced Persistent Threats: A Decade in Review

June 2011

This document defines the term Advanced Persistent Threat (APT) in the context of cyber threats and cyber attack. It presents a timeline and summary of prominent cyber attacks likely attributable to APTs over the past decade. Commonalities are identified and assessed in the context of the current cyber threat environment. Trends are used to predict future APT targeting. APT attack methodology is discussed, and, in conclusion, a set of security practices and policies are provided that could help many organisations increase their resilience to APT attack.

View/Download

SHA1: 725568c41fa9f1d7e8a2226e71e5b2a39fd08121

Our Advisories

Threat Advisory: Atlassian Crowd (CVE-2013-3925)

June 2013

This advisory examines a critical vulnerability in Atlassian Crowd - a software package marketed as a turnkey solution for enterprise scale single sign-on and secure user authentication. The vulnerability is remotely accessible, does not require authentication, and is easily exploited. Recommendations for securing affected systems are provided and special mention is made of an unpatched weakness in the product that could be classified as a symmetric backdoor.

View/Download

SHA1: a37e13f6e7ed5b3600e707ae149b85779d9025b1

Our Software

C5 SIGMA

C5 SIGMA takes network packet capture data as input and produces a structured relational database that can be used for analysis and reporting using SQL queries.
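The idea behind a tool like this, packet capture in, relational tables out, analyst questions answered in SQL, is easy to show end to end. The following is an added illustration written for this page; it is not C5 SIGMA's code and its table layout is not C5 SIGMA's schema. It assumes classic libpcap files with an Ethernet link layer, pulls IPv4/TCP/UDP 5-tuples into one `packets` table in SQLite, stores non-IP frames with NULL addresses so they still count in totals, stops cleanly at a truncated final record, and then answers one typical question (which client/server/port triples carry the most TCP packets) with a GROUP BY. The capture it loads is constructed in memory, not real traffic.

```python
"""Minimal pcap-to-SQLite loader in the spirit of the tool described above.

Added example for this page, not C5 SIGMA's code or schema. Assumptions:
classic libpcap format, Ethernet (DLT_EN10MB) link layer, IPv4 TCP/UDP.
Anything else is stored with addresses/ports left NULL."""
import socket
import sqlite3
import struct

ETH_IPV4 = 0x0800
DLT_EN10MB = 1


def ipv4_frame(src, dst, proto, l4):
    """Build an Ethernet/IPv4 frame around an L4 segment (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = b"\x02" * 6 + b"\x02" * 6 + struct.pack("!H", ETH_IPV4)
    return eth + ip + l4


def tcp_segment(sport, dport, payload=b""):
    # 20-byte TCP header: seq/ack 0, data offset 5, flags PSH|ACK, window 65535
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload


def udp_segment(sport, dport, payload=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_sample_pcap():
    """Constructed test capture (not real traffic): three packets from one host to
    one server on port 443, one DNS query, and one non-IP (ARP) frame."""
    frames = [
        ipv4_frame("10.0.0.5", "203.0.113.7", 6, tcp_segment(51000, 443, b"A" * 40)),
        ipv4_frame("10.0.0.5", "203.0.113.7", 6, tcp_segment(51001, 443, b"B" * 40)),
        ipv4_frame("10.0.0.5", "203.0.113.7", 6, tcp_segment(51002, 443, b"C" * 40)),
        ipv4_frame("10.0.0.5", "10.0.0.1", 17, udp_segment(40000, 53, b"\x00" * 28)),
        b"\xff" * 6 + b"\x02" * 6 + struct.pack("!H", 0x0806) + b"\x00" * 28,  # ARP
    ]
    # libpcap global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_EN10MB)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i * 60, 0, len(f), len(f)) + f
    return out


def iter_records(data):
    """Yield (ts_sec, orig_len, frame) from libpcap bytes, detecting byte order
    from the magic number and stopping cleanly at a truncated final record."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic in (0xA1B2C3D4, 0xA1B23C4D):
        end = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):
        end = ">"
    else:
        raise ValueError("not a libpcap file")
    (linktype,) = struct.unpack(end + "I", data[20:24])
    if linktype != DLT_EN10MB:
        raise ValueError("only Ethernet captures are handled by this example")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _ts_frac, incl_len, orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            break  # truncated capture: keep what parsed so far
        off += incl_len
        yield ts_sec, orig_len, frame


def decode_ipv4(frame):
    """Return (src_ip, dst_ip, proto, src_port, dst_port), or None if not IPv4."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src = socket.inet_ntoa(frame[26:30])
    dst = socket.inet_ntoa(frame[30:34])
    l4 = frame[14 + ihl:]
    sport = dport = None
    if proto in (6, 17) and len(l4) >= 4:  # TCP and UDP both start with the two ports
        sport, dport = struct.unpack("!HH", l4[:4])
    return src, dst, proto, sport, dport


SCHEMA = """
CREATE TABLE packets (
    id INTEGER PRIMARY KEY, ts_sec INTEGER NOT NULL, length INTEGER NOT NULL,
    src_ip TEXT, dst_ip TEXT, proto INTEGER, src_port INTEGER, dst_port INTEGER);
"""


def load_pcap(data, conn):
    """Insert every record into the packets table; returns the row count."""
    conn.executescript(SCHEMA)
    rows = []
    for ts_sec, length, frame in iter_records(data):
        fields = decode_ipv4(frame) or (None,) * 5
        rows.append((ts_sec, length) + fields)
    conn.executemany("INSERT INTO packets (ts_sec, length, src_ip, dst_ip, proto, "
                     "src_port, dst_port) VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    conn.commit()
    return len(rows)


def top_tcp_flows(conn, limit=5):
    """Analyst query: client/server/port triples carrying the most TCP packets."""
    return conn.execute(
        "SELECT src_ip, dst_ip, dst_port, COUNT(*) AS pkts, SUM(length) AS bytes "
        "FROM packets WHERE proto = 6 GROUP BY src_ip, dst_ip, dst_port "
        "ORDER BY pkts DESC, bytes DESC LIMIT ?", (limit,)).fetchall()


def analyse(data, limit=5):
    """Load a capture into an in-memory database and report on it."""
    conn = sqlite3.connect(":memory:")
    count = load_pcap(data, conn)
    return {"packets": count, "top_tcp_flows": top_tcp_flows(conn, limit)}


if __name__ == "__main__":
    print(analyse(build_sample_pcap()))
```

Once the capture is in a table, the analysis questions a responder asks during an investigation (beaconing at regular intervals, long-lived sessions to a single external host, hosts that resolve a name and then connect to it) become ordinary SQL over `ts_sec`, the 5-tuple and `length`, which is the property the tool described above is built around. Swap the in-memory connection for a file path to keep the database between sessions.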

GNU General Public License

More Details/Download

Your Feedback

We invite you to submit research suggestions and feedback using our online form.