Breakdown on the FinFisher malware suite

Presented at ToorCon San Diego 16 (2014), Oct. 26, 2014, 4 p.m. (20 minutes).

I will be going over the FinFisher suite, recently leaked by WikiLeaks. FinFisher is malware used by foreign governments for spying. I’ll be short and sweet in discussing how it packs, unpacks, decrypts, and drops a rootkit. I will then go over the rootkit, and then go over the detection using YARA.

