Marius Bucur

Malware Analyst @CrowdStrike

Marius has been working for 2 years as Malware Analyst at Avira and currently he works at CrowdStrike as Malware Analyst.

In search of unique behaviour

A walk through multiple attack scenarios seen in our protected environments, hunting and dissecting different infection vectors with unique modus operandi for payload delivery and persistence followed by intel reporting and detection.

Powershell is continuing to be on top of the nonPE popularity list among malware developers and more bizarre techniques are used to win time between detection and mitigation of attacks. Powershell also helps malware devs by enabling fileless infections, thus avoiding classical means of detection and forensic expertise.

Showcasing end to end analysis including malware hunting by searching for new threats in the wild and infections among our systems, discovering infection vectors and continuing analysis by reverse engineering the found payloads.

Enrich intel by using internal and external tooling to track host activities that aid prevention patterns of malicious activities that leverage different productivity apps, vulnerable software and gullible users through social engineering.

Finishing with suggestions of detection and prevention methodologies usable in corporate environments.

This talk will be co-presented with @Ioan Iacob, Cyber Threat Analyst at CrowdStrike

Presentation @DefCamp 2018