Christopher Doman
Chris Doman is a co-founder of Cado Security. He joined the industry after winning a cyber-security competition run by the US Department of Defense (DoD). Chris is known for building the popular threat intelligence portal ThreatCrowd, which subsequently merged into the AlienVault Open Threat Exchange. Whilst working in research and development at PwC and AT&T AlienVault, Chris published a number of widely read articles and papers on targeted cyber attacks. His research on topics such as the North Korean government's cryptocurrency theft schemes and China's attacks against dissident websites has been widely discussed in the media. He has given interviews to print, radio and TV outlets including CNN and BBC News. Chris has previously spoken at conferences including Black Hat and various BSides events.
Session
Recent cloud-focused malware campaigns have shown that adversary groups possess advanced knowledge of cloud technologies and their security mechanisms, and that they use this knowledge to their advantage across a range of attacks. These attacks are no longer focused solely on cloud compute environments: adversaries are now shifting their focus to serverless environments and containers.
In this session, Chris will provide an overview of three malware campaigns (TeamTNT, Denonia and Abcbot) in which novel TTPs against cloud technologies were observed. He will guide the audience through notable examples of anti-forensics, credential theft and system-weakening techniques used in real-world attacks on cloud infrastructure, including changing file timestamps post-compromise and evasion at the network level.
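The timestamp-tampering technique mentioned above (often called timestomping) relies on the fact that a process can rewrite a file's atime and mtime with utime()/utimensat(), but on Linux and other POSIX systems the kernel sets the inode change time (ctime) to the current clock on every metadata change and offers no userspace call to back-date it. The following script is an added example, not material from the talk or from Cado Security: it simulates the attacker side with os.utime() and then walks a directory flagging files whose mtime is far older than their ctime. The directory layout, file names ("notes.txt", "xmrig") and threshold are constructed for the demonstration.

```python
"""Detect timestomped files by comparing mtime with ctime (POSIX).

An attacker can back-date atime/mtime (e.g. `touch -r /bin/ls dropper`),
but ctime is set by the kernel on every metadata change and cannot be
rewritten from userspace without moving the system clock. A file whose
mtime is much older than its ctime is therefore worth a closer look.
Note: on Windows, st_ctime is the creation time, so this check does not apply.
"""
import os
import tempfile
import time
from dataclasses import dataclass


@dataclass
class Finding:
    path: str
    mtime: float
    ctime: float

    @property
    def skew_seconds(self) -> float:
        # How far the (attacker-controllable) mtime lags the kernel-set ctime.
        return self.ctime - self.mtime


def timestomp(path: str, new_time: float) -> None:
    """Attacker side, for the demo: back-date atime and mtime of a file."""
    os.utime(path, (new_time, new_time))


def find_timestomped(root: str, min_skew_seconds: float = 3600.0) -> list[Finding]:
    """Walk `root` and return files whose ctime exceeds mtime by the threshold.

    Symlinks are not followed; unreadable entries are skipped. The threshold is an
    assumption chosen for the demo; tune it to the directory being examined.
    """
    findings: list[Finding] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path, follow_symlinks=False)
            except OSError:
                continue
            if st.st_ctime - st.st_mtime >= min_skew_seconds:
                findings.append(Finding(path, st.st_mtime, st.st_ctime))
    return findings


def demo() -> dict:
    """Constructed scenario: one freshly written file and one timestomped file."""
    with tempfile.TemporaryDirectory() as root:
        clean = os.path.join(root, "notes.txt")   # constructed sample
        evil = os.path.join(root, "xmrig")        # constructed sample
        for p in (clean, evil):
            with open(p, "w") as fh:
                fh.write("constructed sample content\n")
        # Attacker back-dates the dropped binary by two years; ctime stays "now".
        timestomp(evil, time.time() - 2 * 365 * 86400)
        flagged = find_timestomped(root)
        return {
            "flagged": sorted(os.path.basename(f.path) for f in flagged),
            "scanned": 2,
        }


if __name__ == "__main__":
    print(demo())
```

The check is a lead, not proof: chmod, chown and rename also bump ctime without touching mtime, and package managers extract files with the archive's original mtime, so system directories such as /usr/bin will produce many hits. It is most useful on locations where files are expected to be written fresh (/tmp, /dev/shm, home directories, web roots, container layers), or when combined with a baseline such as the package manifest. Where an attacker has also moved the system clock, this heuristic fails and you fall back to external evidence (cloud audit logs, snapshot timestamps, journal sequence numbers).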