
Threat Hunting & IR Summit 2019

New Orleans, LA | Mon, Sep 30, 2019 - Mon, Oct 7, 2019

Evade Me If You Can: An Inside Look at Malware Evasion Techniques

  • Ben Abbott, Solutions Engineer
  • Monday, September 30th, 12:35pm - 1:40pm

When traditional security products fail to prevent malware from infiltrating an organization, a malware sandbox is often the last hope. For years, malware authors have found ways to stay one step ahead of sandbox vendors in the arms race over this crucial security layer. Building on years of research, the VMRay team tracked and analyzed the evasion techniques that these malware authors use. Like Sun Tzu, we know our enemy and bring the battle to them.

Join Ben Abbott, Solutions Engineer at VMRay, as he takes a deeper look at the techniques these malware authors use to evade analysis, and at the steps organizations can take to restore hope in their defenses. This presentation will explore the following evasion techniques:

  1. Detecting the presence of a sandbox: Once a malicious file detects the presence of a sandbox during execution, it alters its behavior in an effort to avoid being detected.
  2. Exploiting weaknesses in the underlying sandbox technology: This approach typically takes advantage of the fact that most sandboxes use agents, or hooks, to monitor malware activity.
  3. Using contextual triggers: This approach leverages the fact that most sandboxes use standardized analysis environments. For example, targeted attacks may look for localization settings that correspond to their intended victim, and shut down if they aren't found.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. They fall into these categories:

  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.

Monday, September 30

| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| Vendor Showcase | | Monday, September 30th, 10:40am - 11:20am | Vendor Event |
| Evade Me If You Can: An Inside Look at Malware Evasion Techniques | Ben Abbott, Solutions Engineer | Monday, September 30th, 12:35pm - 1:40pm | Lunch and Learn |
| Domain & DNS-based Adversarial Threat Intelligence in the SOC/CSIRT | Corin Imai, Senior Security Advisor & Senior Product Marketing Manager | Monday, September 30th, 12:35pm - 1:40pm | Lunch and Learn |
| Vendor Showcase | | Monday, September 30th, 3:05pm - 3:40pm | Vendor Event |
| Threat Hunting & Incident Response Summit Night Out! | | Monday, September 30th, 6:00pm - 8:00pm | Special Events |

Tuesday, October 1

| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| Vendor Showcase | | Tuesday, October 1st, 10:25am - 10:55am | Vendor Event |
| Gain the Upper Hand: Leveraging Telemetry and Response Actions to Close the "Breakout" Window | David French, Threat Researcher | Tuesday, October 1st, 12:15pm - 1:25pm | Lunch and Learn |
| The Anatomy of an Attack | Daniel Bates, Systems Architect | Tuesday, October 1st, 12:15pm - 1:25pm | Lunch and Learn |
| Vendor Showcase | | Tuesday, October 1st, 3:25pm - 3:45pm | Vendor Event |

Wednesday, October 2

| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| DIY Software Supply Chain Monitoring | Robert Perica, Principal Engineer | Wednesday, October 2nd, 12:30pm - 1:15pm | Lunch and Learn |
| Fidelis Product Test Drive | Justin Swisher, MDR Threat Hunting and Charles Twardowski, Manager - Incident Response | Wednesday, October 2nd, 6:30pm - 8:30pm | Special Events |

Thursday, October 3

| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| Network Based Threat Hunting: A Case Study in Analyzing an Advanced Threat | Matt Pieklik, Sr. Consulting Analyst | Thursday, October 3rd, 12:30pm - 1:15pm | Lunch and Learn |
| Malware Analysis: A Deep Dive Experience | Anuj Soni | Thursday, October 3rd, 6:00pm - 8:00pm | Keynote |

Friday, October 4

| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| DFIR Community Night | | Friday, October 4th, 6:00pm - 8:00pm | Special Events |