Tracking and Blocking Malware Distribution with Automation

Presented at LayerOne 2019, May 25, 2019, 11 a.m. (60 minutes)

This talk will analyze one of the most effective malware distribution networks in use today, infer its distribution methods from its behavior, and determine how to automatically block those methods (preventing distribution of the malware samples). The process includes automatic collection of the malware being distributed, identification of additional downloaders, and analysis (both static and dynamic) of the stage 1 payloads and stage 2 malware samples.

Presenters:

  • Chris Schafer
    Chris Schafer started in infosec 7 years ago playing CCDC. Since then, he’s worked extensively with logging, SIEMs, automation, and malware. His greatest professional goal is automating himself out of a job.
