Understanding Advanced Persistent Threats Webinar
In this technical session, Jason Rogers, CEO of Invary, is joined by Bryan Smith, a former Technical Director at the NSA, to explore the anatomy of a modern APT, from initial compromise to stealth persistence.
Jason and Bryan demonstrate an APT in action, showing how advanced threats evade detection by traditional endpoint protection platforms and establish long-term footholds. The discussion includes detailed analysis of the techniques used and how similar APTs are observed in the wild. It concludes with a demonstration of how Invary’s Runtime Integrity platform provides a unique approach to finding APTs by validating the integrity of systems at runtime.
Understanding APTs 00:01:19 – 00:04:07 | What APTs are, why they’re used, real-world examples like Volt Typhoon
APT Prevalence and Rising Use 00:04:07 – 00:06:05 | Cost vs. value for attackers, increasing frequency, targeting all sectors
APT Demo Setup 00:06:05 – 00:07:01 | Description of test environment, basis for simulated APT (e.g., Drovorub)
APT Behavior Demonstration 00:07:01 – 00:11:04 | Implantation & In-Memory Techniques
Privilege Escalation, Log Obfuscation 00:11:04 – 00:17:00
Living Off the Land 00:12:27 – 00:14:00
Command & Control 00:14:00 – 00:16:00
File Hiding, Process Hiding 00:16:00 – 00:24:00
Network Stealth and Firewall Evasion 00:24:00 – 00:27:00
Kernel Hijack Techniques 00:27:00 – 00:30:00
Runtime Integrity Detection 00:30:00 – 00:39:00 | How Invary detects changes to kernel memory; JSON output walkthrough
Cross-Platform Threats 00:39:00 – 00:40:00 | Linux, Windows, Mac, Mobile—all are targets
Q&A Session 00:40:00 – 00:44:00 | Endpoint bypassing, attribution challenges, the value of real-time visibility