Commodity malware means YOU! And everybody in this room, let’s look at one called Dridex

Presented at BSides Austin 2016, April 1, 2016, noon (60 minutes)

Commodity malware hits everyone at some point. You might avoid it because you are in InfoSec and don't open rogue email attachments or URLs, or you use script blockers while surfing the InterWebbings. But for the average Joe, the people we consult with, the users in our company, your family and friends, this is a highly effective way to get p0wned. Dridex is one such campaign that will be reviewed. Why? For what it does, how it does it and how effective it is at hiding once launched, even from us experienced malware hunters. What this malware does, and many just like it, is what we all need to understand to better defend ourselves, our families, our users and our clients. Commodity malware is no longer lame: it is learning from what APT does, using kits that were created for APT and then retired or commoditized, or kits written by the APT authors for extra $$$; it's just not their best stuff. We need to know because we must learn and evolve our InfoSec programs and skills or get p0wned! And cleanup is no fun, especially in quantity. So what works, what can we do to improve things, and how does this map to the future of our 2-5 year plans? This talk will look at some simple low-cost remedies and will open to questions at the end to discuss other solutions and projects so we can all learn and share.

Presenters:

  • Michael Gough
    Michael (CISSP, CISA and CSIH) is a Malware Archaeologist, Blue Team defender, Active Defender, Incident Responder, Information Security professional and logoholic. Michael developed the "Malware Management Framework" to improve malware discovery and detection and response capabilities. Michael also authored several Windows logging cheat sheets to help the security industry understand Windows logging, where to start and what to look for. Michael is co-developer of LOG-MD, a free tool that audits, sets, collects and reports on malicious Windows log data and malicious system artifacts. Michael's responsible disclosures involve cardkey system exploits and vulnerabilities with leading security products. Michael's background includes 20 years of security consulting for Fortune 500 organizations with HP, and in the health care, financial and gaming industries. Michael also ran BSides Texas for five years for the Austin, San Antonio, Dallas and Houston cons. Michael also blogs on HackerHurricane.com on various InfoSec topics.
