See Sharper

Presented at Wild West Hackin' Fest 2018, Oct. 24, 2018, 5 p.m. (50 minutes).

There has been an increase in .NET and specifically C# payloads to carry out adversary objectives. There are many reasons for this. This talk will describe the architecture of the .NET CLR, how attackers are gaining execution via built in tools, and what defenders can do to increase their visibility and detection capabilities. We will provide examples from the fieldand actual intrusion attempts that leverage these techniques.

Presenters:

  • Zac Brown - Red Canary
    Zac Brown is a Principal Software Engineer at Red Canary focused on Blue Team Detection & Engineering. Prior to working at Red Canary, he worked for Microsoft on the Windows team and later the Office 365 Security Team. Zac likes long walks on the beach, operating systems internals, and working on compilers. In his non-existent free time, he enjoys spending time with his wife and dogs, reading, and cooking.
  • Joe Moles - Red Canary
    Joe leads a team of security analysts to help organizations defend their endpoints against threats. An IR and digital forensics specialist, Joe Moles has more than a decade of experience running security operations and e-discovery. Prior to joining Red Canary, Joe built and led security operations, incident response, and e-discovery programs for Fortune 500 companies like OfficeMax and Motorola. He is regarded as an industry thought leader and regularly contributes to the Red Canary blog.

Links:

Similar Presentations: