DridexV4: What's under the hood?

Presented at BSides Austin 2017, May 4, 2017, 2 p.m. (60 minutes).

My talk this year I would like to focus on an informative talk about the Dridex family of malware and specifically DridexV4. Atombombing has been added to this fantastically destructive peice of malware and I am going to cover off what exactly has been found, the reverse engineering aspects and what each part does. The Atombombing will be a big focus as there is some seriously cool code injection involved! My presentation will also (if all woes well) Inolve a live demo of the DridexV4 and show how the Atombombing works!

Presenters:

• Martin (MrPhantom) Brough
  I have 18 years in the Information security industry. I work in security and I am a researcher by trade and hobby. I got my start in security in the US Marine Corps and I have achieved many certs and a fancy degree over the past years. I focus a lot of my time on Malware research and exploit mitigations.

Links:

• https://bsidesaustin2017.sched.com/event/AP21/dridexv4-whats-under-the-hood

Similar Presentations:

• DerbyCon 7.0 Legacy (2017) / Atombombing and Other Obfuscation - Your EDR may be broken
• BSidesSF 2017 / AtomBombing: Injecting Code Using Windows’ Atoms
• VB2017 / Dridex v4 - AtomBombing and other surprises