The Treatment of Advanced Persistent Threats on Windows Based Systems
Advanced Persistent Threat (APT) is the name given to individuals or groups
who write malicious software (malware) and who have the intent to perform actions
detrimental to the victim or the victim's organisation. This thesis investigates ways in
which it is possible to treat APTs before, during and after the malware has been laid
down on the victim's computer. The scope of the thesis is restricted to desktop and
laptop computers with hard disk drives. APTs have different motivations for their
work, and this thesis is agnostic towards their origin and intent.
Anti-malware companies freely publish the work of APTs in many forms, but
summarise it mainly as white papers. Individually, these works
give an incomplete picture of an APT, but in aggregate it is possible to construct a
view of APT families and pan-APT commonalities by comparing and contrasting the
work of many anti-malware companies; it is as if a lot of the pieces of a jigsaw
puzzle are available but there is no box lid showing the complete picture. In addition,
academic papers provide proof-of-concept attacks and observations, some of which
may later be adopted by malware writers. Gaps in, and extensions to, this public
knowledge may be filled through inference, implication, interpolation and
extrapolation, and these form the basis for this thesis.
The thesis presents a view of where APTs lie on Windows-based systems. It
uses this view to build generic views of where APTs lie on the hard disk
drives of Windows-based systems, organised using the Lockheed Martin Cyber Kill Chain.
This is then used to treat APTs on Windows-based IT systems with purpose-built
software in such a way that the malware is negated. The thesis does not claim to find all malware, but it demonstrates how to increase the cost of doing business for APTs, for example by overwriting unused disk space so that APTs cannot place malware there.
The software developed was able to find Indicators of Compromise on all eight hard disk drives provided for analysis. Separately, from a corpus of 228 files
known to be associated with malware, it identified approximately two thirds as Indicators of Compromise.
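The abstract mentions overwriting unused disk space so an adversary cannot hide payloads in unallocated clusters or file slack. The following is an added illustration of that idea, not the thesis's purpose-built software: it fills the free space of the volume holding a directory with a scratch file of a fixed byte pattern, forces the blocks to disk, and deletes the file, leaving the formerly unallocated space overwritten. The function names, the default zero pattern and the `max_bytes` safety cap are this example's own choices. On Windows the built-in `cipher.exe /w:<directory>` performs the same overwrite of deallocated space on the volume containing the directory.

```python
"""Overwrite a volume's unallocated space by filling it with a scratch file.

Added illustration of denying unused disk space to an adversary; not code from
the thesis. Writing into free space cannot damage live files, but it does
destroy recoverable deleted data (so image and analyse the drive first), and
on SSDs wear-levelling and over-provisioning mean physical blocks may survive,
which is why the technique is only meaningful on hard disk drives.
"""
import errno
import os
import shutil
import tempfile


def wipe_free_space(directory, chunk_size=1 << 20, max_bytes=None, pattern=b"\x00"):
    """Fill the free space on the volume holding `directory`, then delete the file.

    Writes `pattern` repeated in `chunk_size` pieces until the filesystem reports
    ENOSPC (volume full) or `max_bytes` (a safety cap, mainly for testing) is
    reached. Returns the number of bytes written.
    """
    if len(pattern) != 1:
        raise ValueError("pattern must be a single byte")
    chunk = pattern * chunk_size
    written = 0
    fd, scratch = tempfile.mkstemp(prefix="wipe-", dir=directory)
    try:
        # Unbuffered so every write() goes straight to the filesystem.
        with os.fdopen(fd, "wb", buffering=0) as f:
            while max_bytes is None or written < max_bytes:
                to_write = chunk
                if max_bytes is not None and written + chunk_size > max_bytes:
                    to_write = chunk[: max_bytes - written]  # final partial chunk
                try:
                    n = f.write(to_write)
                except OSError as exc:
                    if exc.errno == errno.ENOSPC:
                        break  # volume is full: every free cluster is now ours
                    raise
                written += n
                if n < len(to_write):
                    break  # short write also means the volume filled up
            os.fsync(f.fileno())  # force the pattern onto the platters
    finally:
        # Deleting the file returns the clusters to the free pool, but their
        # previous contents have already been replaced by `pattern`.
        os.unlink(scratch)
    return written


def free_bytes(directory):
    """Free space on the volume holding `directory`, in bytes."""
    return shutil.disk_usage(directory).free


def demo(max_bytes=4 << 20):
    """Run a capped wipe in a throwaway directory; returns (bytes_written, leftover_files)."""
    workdir = tempfile.mkdtemp(prefix="wipe-demo-")
    try:
        written = wipe_free_space(workdir, chunk_size=1 << 20, max_bytes=max_bytes)
        leftover = os.listdir(workdir)  # scratch file must be gone
    finally:
        shutil.rmtree(workdir, ignore_errors=True)
    return written, leftover


if __name__ == "__main__":
    target = tempfile.gettempdir()
    print(f"free before: {free_bytes(target)} bytes")
    # Drop max_bytes to overwrite all free space on the volume (slow on large drives).
    print(f"wrote {wipe_free_space(target, max_bytes=64 << 20)} bytes")
    print(f"free after:  {free_bytes(target)} bytes")
```

Run without `max_bytes` to overwrite every free cluster on the volume; the cap in `__main__` only keeps the demonstration quick. Because the overwrite also erases anything recoverable from unallocated space, it belongs after forensic imaging and Indicator-of-Compromise collection, not before.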
Reports of the Proyectos de Innovación Docente (Teaching Innovation Projects): Year 2016-2017
The Teaching Innovation Projects of the Universidad de Valladolid reflect the improvement of university teaching. These projects allow us to make visible the map of actions (individual or collective) being carried out at the Universidad de Valladolid to improve teaching quality, ultimately aiming to improve the learning of students across the university's degree programmes.