powerpoint presentation · powershell .net malware rootkits encrypted c2 etc. hunting in memory...
The most hands-on Mobile Penetration testing course on the market
whoami
Bougioukas Dimitrios
- Director, IT Security Training Services @ eLearnSecurity
- Author & IT Security Research Lead @ eLearnSecurity
- Expert on EU CERT/CSIRT Technical Training (Incident Response, Tactical Analytics, SOC 3.0 & SOAR) @ ENISA
Interests:
- Cyber Program Management / Transformation
- Advanced Adversary Simulation & Dark Ops
- Tactical & Strategic Threat Intel
- Purple Team Tactics
Agenda
1. Introduction to eLS
2. Malware Analysis Professional and Job Proficiency
   + Malware/Attack Families Detected by ELS Courses
3. Malware Analysis Professional – Topics Covered
4. Malware Analysis Professional – Lab Demo
Percentage of companies having experienced one or more successful cyber attacks
Percentage of said cyber attacks using evasive methods
Used by:
• Fortune 100/500 companies
• Government agencies
• Intelligence/Military units etc.
…and 20,000+ IT Security professionals worldwide
✓ Create/Educate complete and up-to-date IT Security Professionals!
✓ Provide applicable knowledge, tied to the current threat landscape
❑ Constant monitoring of the threat landscape
❑ Frequent updates
❑ Lab-heavy courses
❑ Holistic & vendor-agnostic approach
Credit: Rajeev Shukla, Forensic/Malware Analyst
▪ In-depth Network Traffic & Flow Analysis
  ✓ Snort, Suricata, Bro usage and signature writing
  ✓ IR at scale through GRR/Velociraptor
▪ Detecting all stages of the Cyber Kill-chain (from recon to persistence incl. the latest Kerberos attacks)
  ✓ Correlation of events
  ✓ ELK & Splunk usage
▪ Common protocol & Endpoint analytics
▪ Hunting for evasive malware
  ✓ Webshells
  ✓ PowerShell
  ✓ .NET Malware
  ✓ Rootkits
  ✓ Encrypted C2 etc.
▪ Hunting in Memory
▪ Hunting at Scale
  ✓ Advanced ELK, Splunk, Osquery & Kollide usage
▪ Hunting for advanced attacks
  ✓ AMSI bypasses, COM Hijacking, Kerberoasting, PPID spoofing, Access Token Theft, API
▪ Real-world malware sample analysis, debugging & reverse engineering
  ✓ Ransomware, Botnets, RATs, Downloaders, Keyloggers, Process Hollowing with TLS callbacks etc.
  ✓ x86 & x64 malware samples
  ✓ Windows API usage for malicious purposes
  ✓ Manual unpacking
  ✓ Anti-reversing tricks etc.
▪ Reverse Engineering of Software
  ✓ Theory
  ✓ PE File Format Analysis
  ✓ Patching
  ✓ Windows Registry Manipulation
  ✓ File Manipulation
  ✓ Code Obfuscation
Congratulations!
Bad As You Want To Be – Adversary Emulation Basics
Thursday May 28, 2020 @ 1:00 PM EDT
https://www.ethicalhacker.net/eh-net-tv/eh-net-live/webinar-bad-as-you-want-to-be-adversary-emulation-basics/
USA – Italy – Beyond…