From Commodity to Advanced (APT) malware, are automated malware analysis sandboxes as useful as your own basic manual analysis? - Michael Gough Derbycon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Michael Gough
Derbycon 2016

According to Mandiant M-Trends, their customers' average Mean Time to Discovery (MTTD) for breaches was 416 days in 2012, 205 days in 2014 and 146 days in 2015. In 2015, for those Mandiant customers that detected the breach themselves, it was 56 days! Unfortunately, the average number of days before a third party reports that your company has been breached is 320 days. As an industry we still need to vastly improve, since companies get compromised within an hour, the entire organization within a day, and valuable data begins to leak shortly thereafter. We CAN do better! So how do we reduce our detection time? How can we save serious $$$, either by not using an IR firm and doing it ourselves, or by reducing how long the IR firm is on site? Many of us cannot afford an IR firm at a DROP of a TABLE. The ultimate goal and challenge to all of us is to learn how to discover a compromise ourselves and avoid a breach. We as an industry must get better at discovery, detection and response, and do it faster, much faster. This talk will share how, where to begin, and a new tool for Windows to help us do it ourselves. Learn from those of us that have been through it, because the criminals can own you in a day and it is still taking a year to receive the OH SH*T call.

Michael (CISSP, CISA and CSIH) is a Malware Archaeologist, Blue Team defender, Active Defender, Incident Responder, Information Security professional and logoholic. Michael developed the "Malware Management Framework" to improve malware discovery and detection and response capabilities. Michael also authored several Windows logging cheat sheets to help the security industry understand Windows logging, where to start and what to look for. Michael is co-developer of LOG-MD, a free tool that audits, sets, collects and reports on malicious Windows log data and malicious system artifacts. Michael's responsible disclosures involve cardkey system exploits and vulnerabilities with leading security products. Michael has also Michael's background includes 20 years of security consulting for Fortune 500 organizations with HP, and for the health care, financial and gaming industries. Michael also ran BSides Texas for five years for the Austin, San Antonio, Dallas and Houston cons. Michael also blogs on HackerHurricane.com on various InfoSec topics.

@HackerHurricane


Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast