Beyond AV: Detection-Oriented File Analysis

Presented at BSidesSF 2019, March 4, 2019, 4:10 p.m. (30 minutes)

This talk advocates adding detection-oriented file analysis systems to the modern threat detection technology stack by taking an in-depth look at Strelka, Target's recently released static file analysis system. Strelka's project lead will cover an overview of these systems, review Strelka's features and design, and show how data produced by these systems can be used to find malicious files in the enterprise.
Presenters:

  • Josh Liburdi - Target
    Josh Liburdi is a lead engineer at Target who focuses on developing, maturing, and maintaining custom threat detection systems and related solutions for Target's Cyber Fusion Center. Josh's specialities are in detection systems engineering, large-scale threat hunting, and adversary research; over the past several years he has worked for a variety of organizations in the threat detection and incident response space, including Sqrrl, CrowdStrike, and GE-CIRT.
