This is yet another blog about APT (if you don't know what this stands for, you're in the wrong place or need to read on).
It's dedicated to share interesting (in my opinion) links to APT resources, and some of the most interesting facts of each link (only when I have spare time).
The blog title should be a word game from "capture the APT". The main topic will be how to be able to identify (and maybe remediate) APT infected systems.
If you have suggestions for additional resources or if you find incorrect facts on here, please email me (firstname.lastname@example.org -- you should know the TLD of gmail, starts with a 'C' and ends with 'OM').
Here's an interesting paper from Deloitte:
Cyber crime: a clear and present danger -- Combating the fastest growing cyber security threat
One of my favorite sites is the one from Mandiant (not just because of the great free IR tools they offer). They also have services about APT and the M-Trends report is a good read, too. I can also recommend their M-unition blog and their presentations, especially the latest one "State of the Hack: Silent But Deadly" from March 11 (slides, video, audio available).
Another blog I like to read is from Damballa: The Day Before Zero
The post "The Truth About Two Malware Families Related to Operation Aurora" makes a connection from Fake-AV Malware to Operation Aurora. I see lots of Fake-AV events from infected websites and Blackhat SEO Google redirects. Should I be worried now?
I don't want to spill all the best links at once, so I will write more later...
Thanks for stopping by and please come back again :-)
*** Disclaimer: I'm not affiliated with any of the companies linked in this blog.
I won't tell you what company I work for, unless you find out yourself. ***