
Detecting and Deciphering Sophisticated Malware C2 for Intelligence Gain (feat. RDP Replay)


Thursday, December 4, 2014
11:00 HRS PT/14:00 HRS ET
60 minutes, including Q&A


Detecting and Deciphering Sophisticated Malware C2 for Intelligence Gain - by Mark Graham (Magpie)
Intelligence-Driven Security: Big Data Transforms Security - by Eric Thompson

All too often, we hear about the ways in which APT actors and criminals are adding to and enhancing their cyber arsenal. In an effort to fight back and support our ongoing intelligence collection capabilities, the Context Threat Intelligence team worked with our in-house developers to create a tool that would not only parse sophisticated adversary malware command and control, but also replay the RDP sessions buried within it to reveal a fly-on-the-wall view of operator activities.

This talk will briefly cover the motivations and technical challenges of the project, and dig deep into the positive outcomes both for the victim and for our own intelligence on adversary TTPs. We will discuss the challenges of detecting encrypted malware command and control at the periphery of the network, and the ways in which we have leveraged knowledge of attacker TTPs to track movement throughout the enterprise.

Presenter:

Mark Graham (Magpie)

Mark Graham (Magpie), Head of Threat Intelligence at Context Information Security, leads the Context Threat Intelligence team, supporting internal products and services as well as providing both strategic guidance and tactical, actionable intelligence to its clients.

Mark’s duties include reverse engineering sophisticated malware, developing signatures and bespoke systems to assist in the detection of malware across network and host domains, analysing proprietary communications protocols, and conducting investigations to attribute threat actor activity.


Sponsor Presenter:

Eric Thompson

Eric Thompson is the IT Threat Strategist for RSA. Formerly, Thompson led Capital One’s customer-facing digital security strategy and roadmap team, responsible for managing the enterprise-level processes and controls that protect customers’ assets and privacy. Thompson is an active thought leader and visionary who has partnered on security efforts across the financial industry for years in cross-functional working groups such as the eFraud Global Forum and FS-ISAC.
