Malware Hunting with the Sysinternals Tools Mark Russinovich Technical Fellow Windows Azure SIA302

Post on 28-Mar-2015
TRANSCRIPT

  • Slide 1: Malware Hunting with the Sysinternals Tools. Mark Russinovich, Technical Fellow, Windows Azure. SIA302
  • Slide 2: "During 4Q11, 33 percent of Web malware encountered was zero-day malware not detectable by traditional signature-based methodologies at the time of encounter." (Cisco 4Q11 Global Threat Report)
  • Slides 3-5: (no text)
  • Slide 6: Identifying Malware Processes
  • Slides 7-16: (no text)
  • Slide 17: sigcheck -e -u -s c:\ ; listdlls -u
  • Slide 18: strings
  • Slides 19-20: (no text)
  • Slide 21: Cleaning Autostarts
  • Slides 22-25: (no text)
  • Slide 26: Tracing Malware Activity
  • Slides 27-33: (no text)
  • Slide 34: Real World Analysis and Cleaning
  • Slides 35-38: (no text)
  • Slide 39: Cleaning FakeSysDef Scareware. http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Trojan:Win32/FakeSysdef "Give a man a stolen credit card & he'll eat like a king for a day. Teach a man to phish and he'll be set for life." -- Ancient Nigerian proverb
  • Slides 40-45: (no text)
  • Slide 46: Cleaning Cycbot. http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fCycbot
  • Slide 47: Analyzing and Cleaning Stuxnet and Flame. http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=WinNT%2fStuxnet and http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm:Win32/Flame.gen!B
  • Slide 48: (no text)
  • Slide 49: http://www.reuters.com/article/2012/06/12/us-media-tech-summit-flame-idUSBRE85A0TN20120612
  • Slide 50: Summary
  • Slide 51: Prevent and Detect
  • Slide 52: (no text)
  • Slide 53: Book signings with Mark and Aaron, Wed. and Thurs., 11:30am, TechEd bookstore. Mark will also be signing Zero Day and Windows Internals 6th Ed. Pt. 1
  • Slide 54: (no text)
  • Slide 55: www.microsoft.com/twc, www.microsoft.com/security, www.microsoft.com/privacy, www.microsoft.com/reliability
  • Slide 56: Connect. Share. Discuss. http://europe.msteched.com. Learning: Microsoft Certification & Training Resources, www.microsoft.com/learning. TechNet: Resources for IT Professionals, http://microsoft.com/technet. Resources for Developers: http://microsoft.com/msdn
  • Slide 57: Evaluations. http://europe.msteched.com/sessions. Submit your evals online
  • Slides 58-59: (no text)