Asia-24-Chen-Chinese-APT

#BHASIA @BlackHatEventsChinese APT: A Master of Exploiting Edge DevicesCharles LiGreg Chen # BHASIA @BlackHatEventsAgendanExploit Target ChangednCase Study of Weaponized Edge Device nMalware implanted in Edge DevicenMitigation & Response# BHASIA @BlackHatEventsExploit Target Changed# BHASIA @BlackHatEventsGood old days of spear phishing emails# BHASIA @BlackHatEventsDocument exploitation were good exploit targets for spear phishing attack.Good old days of spear phishing emailsCVE-2011-0611CVE-2008-5353CVE-2009-3867CVE-2009-0556CVE-2009-3129CVE-2009-4324CVE-2009-0927CVE-2010-0188CVE-2022-30190CVE-2018-0802CVE-2018-0798CVE-2017-11882CVE-2012-0158CVE-2010-3333CVE-2010-288320082009201020112012201720182022•Adobe sandboxed PDF and flash player•Vista SP1 with full memory protections (ASLR, DEP…)2013•EDR emerged# BHASIA @BlackHatEventsExploitation for Edge Device Raises1/2•Edge device: An endpoint on the network, the interfacebetween the data center and the real world. It collects or communica