To Catch a Spy

Presented at DerbyCon 7.0 Legacy (2017), Sept. 23, 2017, 9 a.m. (50 minutes)

In the first Vault 7 WikiLeaks dump, the documents discussed several different persistence and anti-RE techniques that the CIA supposedly uses to avoid detection and maintain access to systems they compromise. None of these methods are new or undetectable; in fact, all of them have been widely used by malware for years. This talk will discuss each of these techniques, how they work, and more importantly, how defenders can detect the use of these techniques in their environments or during their investigations. Tyler has more than 15 years of extensive experience in incident handling, malware analysis, computer forensics, and information security at multiple organizations. He has also spoken and taught at a number of security conferences on these and other infosec topics. Iä! Cthulhu fhtagn! @secshoggoth

Presenters:

• Tyler Hudak

Links:

• https://www.derbycon.com/saturday-schedule/#event-136
• https://infocon.org/cons/DerbyCon/DerbyCon 7 2017/To Catch a Spy Tyler Hudak.mp4

Similar Presentations:

• DerbyCon 7.0 Legacy (2017) / Advanced Threat Hunting
• Black Hat USA 2014 / Prevalent Characteristics in Modern Malware
• Black Hat USA 2014 / One Packer to Rule Them All: Empirical Identification, Comparison, and Circumvention of Current Antivirus Detection Techniques