Mischievous Goots: Atomic Testing and Gootloader

Presented at Diana Initiative 2023, Aug. 7, 2023, 11:30 a.m. (60 minutes).

Testing out detection capabilities before putting them into operation is important, even if you don’t have a big production environment to protect (yet). That’s where Atomic Red Team comes in! Together, we’ll talk about an open source library of prebuilt tests to evaluate your environment’s visibility and how you can make your own environment to test them in. We’ll walk through a real world threat (Gootloader!), how it works, and how we can test each of its behaviors to see how our environment stands up against it. Then, we’ll talk a little about the differences between this and live environments. If you want to learn about testing detectors in live environments, this is for you!

Presenters:

• KillrBunn3
  KillrBunn3 started her career as a student tinkering with old computer hardware, fascinated with programming logic and evidence left on computers after attacks. She first began studying malware and threat intelligence when working in a startup SOC, learning more as she participated in new incidents, trained new analysts, and published new reports on varying industry topics. Today, she uses her technical background to create content that helps educate the information security community.

Links:

• https://thedianainitiative2023.sched.com/event/1NVAt/mischievous-goots-atomic-testing-and-gootloader
• https://infocon.org/cons/Diana Initiative/Diana Initiative 2023/KillrBunn3 - Mischievous Goots Atomic Testing and Gootloader.mp4
• https://infocon.org/cons/Diana Initiative/Diana Initiative 2023/KillrBunn3 - Mischievous Goots Atomic Testing and Gootloader.eng.srt (subtitles)
• https://www.youtube.com/watch?v=NQzCoFN3vZc

Similar Presentations:

• DerbyCon 7.0 Legacy (2017) / When to Test, and How to Test It
• DeepSec 2015 „DeepSec No. 9“ / Have We Penetrated Yet??
• PancakesCon 4 (2023) Virtual / Spinning a Yarn on Atomic Testing