Investigating Malware Using Memory Forensics - A Practical Approach

Presented at Black Hat Asia 2019, March 28, 2019, 3:30 p.m. (60 minutes)

The number of cyber attacks targeting government, military, public and private sectors is undoubtedly on the rise. Most of these attacks make use of malicious programs (malware) for financial theft, espionage, intellectual property theft, and political motives. These programs use various techniques to execute their malicious code and to remain undetected by security products. With adversaries becoming more sophisticated and carrying out advanced malware attacks, it is critical for cybersecurity professionals to detect and respond to such intrusions. This presentation focuses on the practical side of memory forensics and shows how to use it to detect, investigate and understand the capabilities of malicious software. With the help of various demonstrations, it also covers tricks and techniques used by malware, including some of its stealth and evasion capabilities.


Presenters:

  • Monnappa K A - Information Security Investigator, Cisco Systems
    Monnappa K A works for Cisco Systems as an information security investigator focusing on threat intelligence, investigation, and research of cyber espionage and advanced cyber attacks. He is the author of the best-selling book "Learning Malware Analysis". He is the creator of the Limon Linux sandbox and winner of the Volatility plugin contest 2016. He is the co-founder of the cybersecurity research community "Cysinfo" (https://www.cysinfo.com). His fields of interest include malware analysis, reverse engineering, memory forensics, and threat intelligence. He has presented at various security conferences including Black Hat, FIRST, SEC-T, 4SICS-SCADA/ICS summit, DSCI, National Cyber Defence Summit and Cysinfo meetings on topics including memory forensics, malware analysis, reverse engineering, and rootkit analysis. He has conducted training sessions at Black Hat, BruCON, FIRST (Forum of Incident Response and Security Teams), SEC-T and the 4SICS-SCADA/ICS cyber security summit. He has also authored various articles in eForensics and Hakin9 magazines. You can find some of his contributions to the community on his YouTube channel (http://www.youtube.com/c/MonnappaKA) and you can read his blog posts at https://cysinfo.com.
    Twitter: @monnappa22
