The TAO of .NET and PowerShell Malware Analysis

Presented at Nuit du Hack 2015, June 20, 2015, 4:15 p.m. (45 minutes).

With the ubiquitous adoption of Microsoft's .NET and PowerShell frameworks, an ever increasing number of software development and IT ninjas have joined a nascent tradition of professionals leveraging these powerful environments for added efficacy in their everyday jobs. With a wide array of libraries and cmdlets at their fingertips, the need to reinvent the wheel is long forgotten.

Of course, malware writers are not far behind; they too have seen the light and are eager to use these convenient tools against us. Whether it's for everyday ransomware or state-sponsored targeted campaigns, cybercriminals are now emboldened by a new arsenal that enables them to adapt with ease and agility. Are you ready to defend yourself against this emerging threat?

It's time to understand our adversaries' capabilities. We'll analyze select in-the-wild malware samples, piecing apart the inner workings of these dastardly creations. We'll introduce the cloaking mechanisms adopted by cybercriminals, moving beyond managed code in executed environments to the devious packers, obfuscators, and crypters leveraged in conjunction with these powerful frameworks in order to baffle malware analysts and forensic investigators.

Knowing is not enough; we must apply. Willing is not enough; we must do. With a plethora of post-exploitation and lateral-movement tools created and customized every day in rapid application development environments and high-level programming languages, defending against this kind of pervasive opponent is a full-time job.
