Silver Sparrow and the Tale of the Mysterious Insu File

Presented at ShellCon 2021 Virtual, Oct. 8, 2021, 5 p.m. (55 minutes).

In late Summer 2020, leveraging the threat hunting methodology developed at Verizon Media, the Paranoids FIRE team identified a novel piece of macOS malware that would later be dubbed Silver Sparrow. In this session we'll talk about a key TTP leveraged by the malware authors. We'll show how it was found, and how it was used to create new detections to monitor Silver Sparrow activity. Finally, we'll show how based on telemetry collected by the Paranoids, the infection count estimates originally published by news organizations were inaccurate: roughly 3,000 infected machines instead of about 30,000.

Presenters:

• Plug
  Plug started his journey in computer security back in 1996 when he discovered a 2600 magazine that eventually lead him to his first LA2600 meeting in 1998. He is a Sr. member of the Defcon Blue Team Village and currently leads the Threat Hunting Program at a Fortune 20 organization.

Links:

• https://shellcon.io/talks/2021/silver-sparrow/

Similar Presentations:

• Objective by the Sea version 4.0 (2021) / Mac detections by the numbers