Fileless Malware - The New “Cyber” - Edmund Brumaghin & Colin Grady Derbycon 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

Buzzwords are the bane of the infosec community. Whether it’s “cyber” or “APT”, these terms are often used as nothing more than a way to generate clicks, or by marketing teams to push more blinky lights to customers. “Fileless malware” is the latest example of this. Attacks leveraging malware that have been dubbed “fileless malware attacks” have been generating significant media coverage recently, leading many to wonder what impact these attacks may have on their organizations and whether they are adequately protected against them. In many cases these attacks are not truly fileless and result in various artifacts being written to targeted systems. In this presentation we will provide a brief history of fileless malware and walk through specific examples of malware that uses this approach to infecting systems. We will also cover why most malware is not actually “fileless”, along with specific examples of threats that use interesting persistence mechanisms that do not resemble what many have grown accustomed to seeing from malware.

Edmund Brumaghin is a threat researcher with Cisco Talos. He has spent the past several years protecting environments across a number of different industries, including nuclear energy and financial services. He currently spends his days hunting malware and analyzing various threats as they emerge and continue to evolve. In his time with Talos he has researched ransomware, banking trojans and other threats distributed using various attack vectors. He has also worked to expose large-scale malware campaigns and raise awareness of security threats observed across the threat landscape. Colin Grady is also a threat researcher with Cisco Talos. He started his infosec career as a SOC analyst and has worked his way through a variety of roles, including engineering, architecture, and incident response. He joined Talos from his prior role with Cisco’s incident response team (CSIRS) to have a more direct and proactive role in protecting customers. He spends his days looking at interesting malware and finding ways to identify and process the samples and activities for convictions across the Cisco product line.


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast