Adaptive Persistent Threats
Aaron DeGrave and Miles Duncan
1 minute read ∼ Tagged with: apt • threat • malware • persistent • dfir • forensics • investigations ∼ Filed in: capstone • project
Threat simulation is a topic that often flies under the radar of the cybersecurity industry. The goal of this project is to bring light to what threat simulation is and does, and to develop a functional product that security researchers can use to aid in detecting what advanced actors may do in the future. The malware being simulated is HammerToss, a sample attributed to Russia's APT29 group. This sample was originally seen in the wild in 2015, meaning detection algorithms should already be tuned to its methodology. In this case, the security researchers are emulating the framework set by APT29 with their own twist. This allows the researchers to determine whether the detection algorithms were properly designed and implemented, or whether they still need further work. In order to determine the capabilities of HammerToss, the researchers had to do a deep dive into the threat group itself, involving in-depth research on the specific sample as well as on the group as a whole.
This project was performed at Champlain College by Aaron DeGrave and Miles Duncan and is presented to you by the Computer and Digital Forensics (CDF) program.