Learn, hack!

URL

https://media.blackhat.com/bh-ad-11/Beek/bh-ad-11-Beek-Taming_Worms_RATS_Dragons-Slides.pdf

File name

bh-ad-11-Beek-Taming_Worms_RATS_Dragons-Slides.pdf

File size

3.8 MB

MD5

dfb0ff7dac7a79fc95245981db78619b

SHA1

9d19a7bf2cdf9b1cf5f312204e82c331d875d728

Over years the use of malware has dramatically changed. Ranging from programmers exploring the malicious possibilities of their programming code, copycats trying to combine code snippets, to organized crime and governments using custom made malware for their purposes. Where financial gratification is the main drive for cybercrime, it seems that the hunger for secrets and intellectual property is taking over. Some examples of cases are: Operation Aurora, Night-Dragon and recently Shady-RAT. These are examples of investigations that started with the detection of unknown customized malware, hiding on corporate networks and ended in large investigations regarding Data Loss. So how is it possible that this malware was undetected? How can you detect hidden malware on your network using open-source tools, what patterns to look for? What countermeasures can you take? How to build a layered malware defense to keep unknown malware out of your network. In my talk I will give some demo's how you can use Wireshark to investigate networkdata for traces of malware, how to filter for suspicious connections.