PowerPoint Presentation · PowerShell .NET Malware Rootkits Encrypted C2 etc. Hunting in Memory...

Date posted: 19-Jul-2020

Transcript
Page 15

The most hands-on Mobile Penetration testing course on the market

whoami

Bougioukas Dimitrios

- Director, IT Security Training Services @ eLearnSecurity
- Author & IT Security Research Lead @ eLearnSecurity
- Expert on EU CERT/CSIRT Technical Training (Incident Response, Tactical Analytics, SOC 3.0 & SOAR) @ ENISA

Interests:

- Cyber Program Management / Transformation
- Advanced Adversary Simulation & Dark Ops
- Tactical & Strategic Threat Intel
- Purple Team Tactics

Page 16

Agenda

1. Introduction to eLS
2. Malware Analysis Professional and Job Proficiency
   + Malware/Attack Families Detected by ELS Courses
3. Malware Analysis Professional – Topics Covered
4. Malware Analysis Professional – Lab Demo


Page 18

Percentage of companies having experienced one or more successful cyber attacks

Percentage of said cyber attacks using evasive methods

Page 19

Used by:

• Fortune 100/500 companies
• Government agencies
• Intelligence/Military units etc.

…and 20,000+ IT Security professionals worldwide

Page 20

✓ Create/Educate complete and up-to-date IT Security Professionals!
✓ Provide applicable knowledge, tied to the current threat landscape

❑ Constant monitoring of the threat landscape
❑ Frequent updates
❑ Lab-heavy courses
❑ Holistic & vendor-agnostic approach


Page 22

Credit: Rajeev Shukla, Forensic/Malware Analyst

Page 23

▪ In-depth Network Traffic & Flow Analysis
  ✓ Snort, Suricata, Bro usage and signature writing
  ✓ IR at scale through GRR/Velociraptor

▪ Detecting all stages of the Cyber Kill-chain (from recon to persistence incl. the latest Kerberos attacks)
  ✓ Correlation of events
  ✓ ELK & Splunk usage

▪ Common protocol & Endpoint analytics

▪ Hunting for evasive malware
  ✓ Webshells
  ✓ PowerShell
  ✓ .NET Malware
  ✓ Rootkits
  ✓ Encrypted C2 etc.

▪ Hunting in Memory

▪ Hunting at Scale
  ✓ Advanced ELK, Splunk, Osquery & Kolide usage

▪ Hunting for advanced attacks
  ✓ AMSI bypasses, COM Hijacking, Kerberoasting, PPID spoofing, Access Token Theft, API

▪ Real-world malware sample analysis, debugging & reverse engineering
  ✓ Ransomware, Botnets, RATs, Downloaders, Keyloggers, Process Hollowing with TLS callbacks etc.
  ✓ x86 & x64 malware samples
  ✓ Windows API usage for malicious purposes
  ✓ Manual unpacking
  ✓ Anti-reversing tricks etc.

▪ Reverse Engineering of Software
  ✓ Theory
  ✓ PE File Format Analysis
  ✓ Patching
  ✓ Windows Registry Manipulation
  ✓ File Manipulation
  ✓ Code Obfuscation


Page 33

Congratulations!

Page 37

Bad As You Want To Be – Adversary Emulation Basics
Thursday May 28, 2020 @ 1:00 PM EDT

https://www.ethicalhacker.net/eh-net-tv/eh-net-live/webinar-bad-as-you-want-to-be-adversary-emulation-basics/

Page 38

USA – Italy – Beyond…

