Hunting for Memory-Resident Malware

Presented at DerbyCon 7.0 Legacy (2017), Sept. 23, 2017, 1 p.m. (25 minutes)

Once a staple of nation state level adversaries, memory-resident malware techniques have become ubiquitous even for lowly criminal activity. With their ability to evade endpoint protection products, it is critical for defenders to understand and defend against these techniques. In this talk, I will describe both common and advanced stealth malware techniques which evade today’s hunt tools and methodologies. Attendees will learn about adversary stealth and understand ways to detect some of these methods. New code for rapidly hunting for these techniques across your enterprise will be released. Joe Desimone is a Senior Malware Researcher at Endgame. He has over 5 years of experience in the information security industry, primarily tracking and countering APTs, reverse engineering malware, and developing novel techniques and tools to empower hunt teams. Joe holds a BS and MS in Computer Security from RIT. @dez_

Presenters:

• Joe Desimone

Links:

• https://www.derbycon.com/saturday-schedule/#event-145

Similar Presentations:

• Black Hat Asia 2021 Virtual / Mem2Img: Memory-Resident Malware Detection via Convolution Neural Network
• Disobey 2020 / Hunting for malware: Picking DarkRatv2 apart
• BSidesLV 2016 / Latest evasion techniques in fileless malware