Veteran malware hunter Costin Raiu talks about writing his own anti-virus program as a teenager in Romania, his work tracking advanced threat actors globally, and why he assumes his computer is compromised by at least three APT groups.
Order, configure and deploy your Canaries throughout your network. Make one a Windows file server, another a router, throw in a few Linux webservers while you're at it. Each one hosts realistic services and looks and acts like its namesake.
Then you wait. Your Canaries run in the background, waiting for intruders.
Attackers prowling a target network look for juicy content. They browse Active Directory for file servers and explore file shares looking for documents, try default passwords against network devices and web services, and scan for open services across the network.
When they encounter a Canary, the services on offer are designed to solicit further investigation, at which point your Canary notifies you of the incident.
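To make the detection mechanism described above concrete, here is a minimal decoy listener added as an illustration; it is not Canary's own code or anything from the sponsor, and the decoy banners, the loopback-only binding and the `exercise_decoy` helper are constructed for the example. The point it demonstrates is the one in the blurb: nothing legitimate should ever touch a decoy, so the connection itself is the incident, and the alert is raised before the decoy even answers. What the peer sends afterwards is kept only as context for the responder.

```python
import json
import socket
import threading
import time

# Constructed decoy banners for this example; the version strings are arbitrary
# stand-ins, not real services and not a recommendation of what to emulate.
DECOY_BANNERS = {
    "ssh": b"SSH-2.0-OpenSSH_8.9\r\n",
    "http": b"HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Length: 0\r\n\r\n",
}


def classify_probe(first_bytes: bytes) -> str:
    """Rough label for what touched the decoy, derived from its first bytes."""
    if not first_bytes:
        return "connect-only"  # a port scanner that connects and never speaks
    if first_bytes.startswith(b"SSH-"):
        return "ssh-client-banner"
    head = first_bytes.split(b" ", 1)[0]
    if head in (b"GET", b"POST", b"HEAD", b"OPTIONS"):
        return "http-request"
    return "unknown"


def build_alert(service: str, listen_port: int, peer, first_bytes: bytes) -> dict:
    """Every connection to a decoy is an incident: nothing legitimate should touch it."""
    return {
        "ts": time.time(),
        "decoy": service,
        "canary_port": listen_port,
        "src_ip": peer[0],
        "src_port": peer[1],
        "probe": classify_probe(first_bytes),
        "preview": first_bytes[:64].decode("latin-1", "replace"),
    }


class CanaryListener:
    """One decoy TCP service: accept, alert, speak the banner, record what the peer sends."""

    def __init__(self, service: str, port: int, alerts: list):
        self.service = service
        self.banner = DECOY_BANNERS[service]
        self.alerts = alerts  # shared list standing in for a real alerting channel
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind(("127.0.0.1", port))  # loopback only for this example
        self._sock.settimeout(0.2)  # lets the accept loop notice stop()
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    @property
    def port(self) -> int:
        return self._sock.getsockname()[1]

    def start(self) -> int:
        self._sock.listen(5)
        self._thread.start()
        return self.port

    def stop(self) -> None:
        self._stop.set()
        self._thread.join()
        self._sock.close()

    def _serve(self) -> None:
        while not self._stop.is_set():
            try:
                conn, peer = self._sock.accept()
            except socket.timeout:
                continue
            with conn:
                # Alert on the connection itself, before replying: the touch is the signal.
                alert = build_alert(self.service, self.port, peer, b"")
                self.alerts.append(alert)
                conn.settimeout(1.0)
                try:
                    conn.sendall(self.banner)
                    data = conn.recv(1024)
                except (socket.timeout, OSError):
                    data = b""
                # Enrich the alert with what the peer said; it was already raised above.
                alert["probe"] = classify_probe(data)
                alert["preview"] = data[:64].decode("latin-1", "replace")
                print(json.dumps(alert))


def exercise_decoy(service: str, payload: bytes) -> tuple:
    """Stand up a decoy on an ephemeral loopback port, poke it once, return (banner, alerts)."""
    alerts = []
    decoy = CanaryListener(service, 0, alerts)
    port = decoy.start()
    with socket.create_connection(("127.0.0.1", port)) as probe:  # simulated intruder
        probe.sendall(payload)
        banner = probe.recv(1024)
    decoy.stop()
    return banner, alerts


if __name__ == "__main__":
    exercise_decoy("ssh", b"SSH-2.0-scanner\r\n")
```

Because the alert is recorded before the banner goes out, a scanner that only completes the TCP handshake still produces an incident (`probe` = `connect-only`); a real deployment would bind on the decoy's own address, run one listener per emulated service and forward the JSON line to a SIEM instead of printing it.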
- "Equation Group" ran the most advanced hacking operation ever uncovered
- The adventures of lab ED011 — One Romanian campus computer lab both pentested the world and eventually helped protect it
- Costin Raiu on Twitter
- The "Red October" Campaign