Lucian Sararu

InfoSec Team Lead at SecureWorks

Lucian works as InfoSec Team Lead at SecureWorks’ Security Center of Excellence in Bucharest. His main mission is to create a consistent and memorable customer experience for the pharmaceutical giants that save or better millions of lives each year (most likely yours included at one point or another). His daily tasks include investigating various alerts and leveraging intelligence analysis techniques to determine the severity of security incidents, with the aim of changing the security landscape of customers with 100K+ endpoints each. Having the knowledge, skills and ability, not to mention an arsenal of tools and security appliances, he conducts typical incident investigations, including forensic analysis and reporting, evidence acquisition, tracing user and application activity, and reverse engineering extracted samples.

Fileless malware – beyond a cursory glance

Alin and Lucian will talk about the “living off the land” trend in malicious operations. By reverting to simple methods and making use of inherent “features” built into operating systems, which are subverted as powerful infiltration solutions, one may run scripts and shellcode directly in the computer’s memory. As no suspicious files are stored on the disk, such an operation remains undetected by most endpoint solutions for longer periods of time. Therefore, they will explore some of the techniques for detecting and tracking such operations, and highlight the challenges these investigations pose for classical security approaches.
The presentation’s co-presenter is Alin Puncioiu, Security Operations Manager at SecureWorks.

Presentation @DefCamp 2017