This lesson explores a speech delivered by Rob Joyce of
Tailored Access Operations (TAO), a division of the NSA, on defending
against Nation State Exploiters.
Mr. Joyce talks about the basics first: knowing the network and
knowing the vulnerabilities.
He lists the phases of an intrusion at 2:06 and continues to talk
about them throughout the presentation.
Reconnaissance - scanning, gathering public information,
figuring out who is important, figuring out what is actually in use in
the network, then research for functionality, vulnerability, and
We should run our own penetration tests and keep the results
for reference in the next test, because findings are often not corrected.
An APT will look for holes opened for vendors to fix.
Initial Exploitation - try spear phishing, waterholing, or
exploiting a known CVE. Most intrusions start with an email with a
malicious payload, a visit to a corrupted website, or contaminated
removable media. Pass-the-hash attacks (see PDF attached in
Use technical enforcement of policies; don't rely on
users to do the right thing.