securing the neighbourhood
TRANSCRIPT
![Page 1: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/1.jpg)
Malware detection – past, present and future
Michael Shalyt
SECURING THE NEIGHBORHOOD
![Page 2: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/2.jpg)
http://cyberparse.co.uk/
BUZZWORD EXPLOSION
![Page 3: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/3.jpg)
PAST
![Page 4: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/4.jpg)
![Page 5: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/5.jpg)
![Page 6: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/6.jpg)
MUGSHOT DATABASE
![Page 7: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/7.jpg)
MUGSHOT DATABASE
![Page 8: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/8.jpg)
BINARY SIGNATURES
![Page 9: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/9.jpg)
BINARY SIGNATURES
![Page 10: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/10.jpg)
BINARY SIGNATURES
![Page 11: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/11.jpg)
POLYMORPHISM
![Page 12: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/12.jpg)
POLYMORPHISM
![Page 13: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/13.jpg)
PRESENT
![Page 14: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/14.jpg)
INDICATORS OF COMPROMISE
![Page 15: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/15.jpg)
IOC DETECTION DOWNSIDES
• Which areas do we watch?
• Some suspicious mechanisms are used by innocent software as well.
• Attackers can see and sometimes circumvent alarms.
![Page 19: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/19.jpg)
INDICATORS OF INTEREST
![Page 20: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/20.jpg)
INDICATORS OF INTEREST
![Page 21: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/21.jpg)
INDICATORS OF INTEREST
![Page 22: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/22.jpg)
INDICATORS OF INTEREST
![Page 23: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/23.jpg)
EMULATION
![Page 24: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/24.jpg)
FUTURE
![Page 25: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/25.jpg)
ANOMALY DETECTION
![Page 26: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/26.jpg)
HONEYNET
![Page 27: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/27.jpg)
MALWARE RESEARCH
![Page 28: Securing The Neighbourhood](https://reader030.vdocuments.us/reader030/viewer/2022032611/55c4aa69bb61ebb8488b466a/html5/thumbnails/28.jpg)
MALWARE RESEARCH