Welcome to the VB2021 conference!


All roads lead to Rome: the Conti manual leak dissection

Gabriela Nicolao (Deloitte) & Luciano Martins (Deloitte)
The Conti group's modus operandi, formed of manuals and software, was leaked by a user with the handle "m1Geelka" on 5 August 2021, resulting in the disclosure of how this group carries out its attacks. Interestingly, this modus operandi applies not only to this group but has also been observed in many ransomware-as-a-service attacks from different operators. This presentation will discuss every tactic, technique, and procedure (TTP) identified in the leaked manuals and map each one to the MITRE ATT&CK framework. It aims to broaden defenders' visibility of ransomware-as-a-service attacks and to help them better understand the threat actors' operations within a network.
Gabriela Nicolao

Gabriela has a degree in information systems engineering from the Universidad Tecnológica Nacional (UTN) and a postgraduate degree in cryptography and teleinformatics security specialization from Escuela Superior Técnica of Facultad del Ejercito in Argentina. She works at Deloitte in the cyber threat intelligence area. Her tasks include malware analysis, network traffic analysis, incident response and indicators of compromise (IoC) hunting. She has more than five years of experience in the security field. She is also a teacher at UTN.

Luciano Martins

Luciano Martins is Partner of Cyber Threat Intelligence at Deloitte Argentina and founder of the Vulnerability Assessment area, where he has worked for more than 15 years doing black box testing, ethical hacking work, malware analysis, traffic analysis, incident response, digital forensic analysis, and IOC, IOA and APT (advanced persistent threat) hunting. He has strong skills in reverse engineering and application development. Luciano has about 20 years of experience in the field of security. Before joining Deloitte, he founded the USSR LABS company in Argentina, which he led for five years.