Baskin Brian - Dissecting the hack the V3rb0ten network

1. Figures in 3

Jayson E. Street

Brian Baskin

Kristin Sims

Technical Editor

Brian Martin

Syngress is an imprint of Elsevier

225 Wyman Street, Waltham, MA 02451, USA

Copyright 2016 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publishers permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.

Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

ISBN: 978-0-12-804278-6

British Library Cataloguing-in-Publication Data

A catalogue record for this book is available from the British Library.

Library of Congress Control Number: 2015944244

For Information on all Syngress publications visit our website at http://store.elsevier.com/

To Earl L. Street

All that I am and part of what my children will become is because of who you were. Thank you and I miss and think of you every day.

To Dee, Drake and Aliera

For all the love and understanding you give me thank you. Also for putting up with me when I am there and missing me when I am away.

Brittney Jordan , Who helped with editing and polishing the interview section. Who was there for me when I needed to bounce ideas off someone and who encouraged me to get this finished.

Cami Bottoms , Who let me hang out and ramble for hours into a recorder. Who asked questions which made me come up with answers.

Adam Laurie, Thomas Lim, and Josh Thomas , For agreeing on the spur of the moment to provide insight and advice through a very rushed interview in Singapore!

Jennifer Mc Knight , She wrote most of the first draft of the prologue.

Jayson E. Street is the InfoSec Ranger at Pwnie Express Lead Organizer for the DEF CON Groups, He is also a Senior Partner at Krypton Security and CEO of Stratagem 1 Solutions.

Jayson battled a dragon during the Fire Run in Barcelona Spain. He accidentally broke into a shark tank in the Dominican Republic and climbed the pyramid of Giza (until the guards carrying AK-47s expressed their displeasure). He consulted with the Secret Service in 2007 on the WIFI security of the White House, and has had tea with a Lebanese General in Beirut.

Jayson never finished High School but does have his GED. His first book is used as course material at four colleges in three countries (that he knows of), and he has spoken at numerous universities in the US and gave an eight hour lecture at the Beijing Institute of Technology in 2014. Outside of standardized education, Jayson has spoken five times at DEF CON, at every DerbyCon since its inception, and at many other Cons around the world.

Jayson is only one degree away from Kevin Bacon after awkward hugging Oliver Stone and Jimmy Fallon. He started in security and law enforcement over 25 years ago and has always striven to make things more secure. Jayson has been in the Information Security industry for over 15 years, and once broke into a high scale hotel in the South of France - barefoot - wearing Teenage Mutant Ninja Turtles pajamas. It took him under 2 minutes to walk in and successfully compromise a bank in Beirut Lebanon. He was also noted as the best janitor of all McDonalds in the South East Texas region for 2 consecutive years.

Although Jayson has been hit by three cars while on foot, he has only been shot at once (they missed). He was Time Magazines person of the year for 2006 and lived behind a dumpster for a summer when he was sixteen. Within two weeks, he was able to awkward hug the head of the N.S.A. in Vegas and two Chinese soldiers on the Great Wall of China. Jayson has had pizza on the Nile River in Egypt, within view of the Eiffel Tower in France, near the Forbidden City in Beijing and on the coast in Brazil.

Jayson has conducted successful social engineering engagements around the world from Jordan to Jamaica. He survived cancer, extreme falls, car accidents, two house fires and Twitter drama. He prides himself in spending most of his time working for a national financial institution as their resident hacker and the designer of their network defenses.

Jayson swam with dolphins in Singapore and a sea turtle in the Maldives. He has been sword fighting since the age of seven and has an extensive collection of swords from all over the world. He was asked to give his DEFCON 19 speech at an undisclosed government agencys headquarters (After smuggling in all the items that make the arsenal of his Vest of D00M, Jayson was then asked never to return).

Jayson was quoted in The Rolling Stone Magazine, The Economist, Forbes and The Daily Oklahoman. Hes been interviewed on numerous television shows regarding security related topics. He also filmed a pilot for a TV show featuring hackers in a positive light (it never aired). He has held, or is currently holding, many industry certs such as CISSP, GSEC, GCIH, GCFA, IAM, IEM, Security+, CEH, etc

Also please note none of these above statements are false!

Brian Baskin is a security professional who specializes in digital forensics and incident response and has worked for over 15 years to help secure enterprise and federal government environments.

Brian is an active incident responder, malware analyst, reverse engineer, and forensic analyst. He has worked incident responses for RSA Security, as well as Newberry Group, cmdLabs, and CSC. He first encountered the APT threat in the middle of an exfil in 2004, before it was cool. He has completed hundreds of official forensic examinations that include active compromises of entire networks and continuing threats against Defense contractors. He has worked with international law enforcement agencies to analyze seized hackers systems to correlate back to large-scale attacks, and has documented the evolution of custom malware encryption routines over the course of half a decade. His work has been commented upon on the front page of news media, though his role will continue to remain anonymous and undisclosed.