The world was apprised of a critical un-patched zero day vulnerability in Microsoft’s ubiquitous Internet Explorer web browsing software when it was announced that the flaw had been used in successful attacks – dubbed Operation Aurora – carried out against search giant Google and at least 20 other firms, including Adobe, Juniper Networks, Rackspace, Yahoo! and Symantec. It's now known that the attacks used the IE flaw to drop malware onto compromised systems and connect them back to centralized command and control infrastructure. The first task that the involved malware carries out is sending information about registry keys and other detailed information about compromised systems before awaiting further instructions, putting affected organizations in peril both today and in the future. This specialized program for security staffers and strategists alike will demonstrate how the Aurora hacks were carried out and also highlight how CORE IMPACT can help you:
- Test popular endpoint applications for open vulnerabilities.
- Understand how specific vulnerabilities can be used to compromise other systems.
- Assess end user awareness to spear phishing and other social engineering techniques.
- Validate the efficacy of vulnerability remediation programs and security defenses
- Measure security standing over time to benchmark performance.
“Replicating the Operation Aurora Attacks” – featuring Alex Horan, Director of Product Management at Core Security Technologies
