WINDSHIFT_summit_archive_1554718868 Archived: 2026-04-05 23:22:01 UTC 0% found this document useful (0 votes) 3K views37 pages WindShift APT: Insights and Analysis You are on page 1 37   TRAILS OF WINDSHIFT TAHA KARIM –MALWARE SPECIALIST 1   A little bit about me ! https://www.scribd.com/document/661837258/WINDSHIFT-summit-archive-1554718868 Page 1 of 11 Currently I’m founder and CTO of tephracoreTechnologies ! Malware Analysis for more than a decade. ! Previously worked at : Dark Matter, FireEye, Symantec ... ! Most known for: – Uncovering LatentBotIn 2015 –  A major carding investigation in 2016 – Multiple intelligence reports 2011-2019 – Uncovering WindShiftAPT in 2018 2   https://www.scribd.com/document/661837258/WINDSHIFT-summit-archive-1554718868 Page 2 of 11 A little bit about my company ! In 2019, tephracoreTechnologies a cyber security startup was established in Dubai ! With the purpose of raising the bar very high against threat actors (their job wont be easy anymore) ! We are specialized in malware analysis, Incident Response, Vulnerability analysis, security testing, building APT deception frameworks, and red team assessments and malware analysis training courses. ! We communicate via our technical blog see: https://tephracore.com/blog  3 https://www.scribd.com/document/661837258/WINDSHIFT-summit-archive-1554718868 Page 3 of 11 Contents ! Part 1: APT Myths and Definitions https://www.scribd.com/document/661837258/WINDSHIFT-summit-archive-1554718868 Page 4 of 11 ! Part 2: WINDSHIFT Modus Operandi ! Part 3: WINDSHIFT Attribution 4   Part 1: APT Myths and Definitions ! Does APT always means Advanced? – Case scenario: A target using unpatched Windows XP with no AV. ! A very advanced toolset would be an overkill and comes with an unnecessary toolset exposure, whilst a simple toolset will get the job done most of the times. ! Modern APT’s, Re-use of available tools, think copy-cat, evading attribution. https://www.scribd.com/document/661837258/WINDSHIFT-summit-archive-1554718868 Page 5 of 11 ! Simplicity always wins over complexity. Especially when time frames are shorts and/or budgets are limited. 5 Mitre Att&ck https://www.scribd.com/document/661837258/WINDSHIFT-summit-archive-1554718868 Page 6 of 11 From Scribd9 pages17 views Mitre Att&ck https://www.scribd.com/document/661837258/WINDSHIFT-summit-archive-1554718868 Page 7 of 11 No ratings yet   Part 1: APT Myths and Definitions 6 OPSEC EvasionEffectivenessUniquenessStealth Success Rate ExfiltrationReachPersistenceIntel Detection Counter measures Predictability AdaptabilityNoise How to measure an APT skill level OC1 https://www.scribd.com/document/661837258/WINDSHIFT-summit-archive-1554718868 Page 8 of 11 https://www.scribd.com/document/661837258/WINDSHIFT-summit-archive-1554718868 Page 9 of 11 From Scribd2 pages7 views OC1 https://www.scribd.com/document/661837258/WINDSHIFT-summit-archive-1554718868 Page 10 of 11 No ratings yet Source: https://www.scribd.com/document/661837258/WINDSHIFT-summit-archive-1554718868 https://www.scribd.com/document/661837258/WINDSHIFT-summit-archive-1554718868 Page 11 of 11