This talk will discuss actively following attacker exploit chains to capture malware for analysis. Actively pursuing malware will allow an accurate assessment of risk, assist with the development of counter measures, and allow the discovery of ‘indicators of compromise’ for incident response. Areas covered will include understanding attacker’s evasion and obfuscation techniques, collection of malware, and a discussion of deobfuscation/analysis tools and techniques.
Bart ‘d4ncingd4n’ Hopper, CISSP, CISM, CRISC, etc. is a security analyst at a financial institution. Prior to his work in security, he was a systems administrator for a healthcare start up. His training came from the ‘Book of the Month’ club, a quest for knowledge, and the school of hard knocks.