Cyber Threat Analyst @CrowdStrike
Ioan is doing Malware and Digital Forensics for 5 years at Avira and Crowdstrike, python script kiddie and random CTF player.
In search of unique behaviour
A walk through multiple attack scenarios seen in our protected environments, hunting and dissecting different infection vectors with unique modus operandi for payload delivery and persistence followed by intel reporting and detection.
Powershell is continuing to be on top of the nonPE popularity list among malware developers and more bizarre techniques are used to win time between detection and mitigation of attacks. Powershell also helps malware devs by enabling fileless infections, thus avoiding classical means of detection and forensic expertise.
Showcasing end to end analysis including malware hunting by searching for new threats in the wild and infections among our systems, discovering infection vectors and continuing analysis by reverse engineering the found payloads.
Enrich intel by using internal and external tooling to track host activities that aid prevention patterns of malicious activities that leverage different productivity apps, vulnerable software and gullible users through social engineering.
Finishing with suggestions of detection and prevention methodologies usable in corporate environments.
This talk will be co-presented with @Marius Bucur, Malware Analyst at CrowdStrike.