SANS OnDemand: Extended Access, Hands-On Labs, and SME Support


To attend this webcast, login to your SANS Account or create your Account.

Advanced Malware Threat Hunting and Investigation with VirusTotal Intelligence

  • Tuesday, April 24th, 2018 at 1:00 PM EDT (17:00:00 UTC)
  • Matt Bromiley and Shapor Naghibzadeh
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • Google LLC

You can now attend the webcast using your mobile device!


Malware continues to be a significant threat to organizations, causing damage on its own or as the tip of the spear for compromised-credential attacks. VirusTotal Intelligence provides a set of advanced capabilities for malware-focused threat hunting and investigation. Threat researchers and analysts can use these capabilities to find and shut down new malware attacks before they cause damage. This webinar will present an end-to-end methodology for investigating a newly-discovered malware sample, beginning with a blog post and file hash, and ending with updated internal security infrastructure. The presenter worked in Google Security engineering and threat analysis for over a decade and has significant experience performing this type of investigation.

Speaker Bios

Matt Bromiley

Matt Bromiley is a SANS digital forensics and incident response (IR) instructor, teaching FOR508 Advanced Incident Response, Threat Hunting, and Digital Forensics and SANS FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response. He is also an IR consultant at a global IR and forensic analysis company, combining experience in digital forensics, log analytics, and incident response and management. His skills include disk, database, memory and network forensics; incident management; threat intelligence and network security monitoring. Matt has worked with organizations of all shapes and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.

Shapor Naghibzadeh

Shapor Naghibzadeh has worked in Google engineering for 11 years, and is currently a Senior Engineering Lead within the Chronicle team. He guides product design from the view of a hands-on threat response analyst. Prior to co-founding Chronicle, Shapor was a founding member of Google's Threat Analysis Group, designed to identify and disrupt targeted attacks against Google and its users. He designed, built, and maintained systems to enable this, including Google-scale malware and log analysis and indexing systems. Shapor has a BS degree in Computer Engineering from the University of Illinois at Chicago.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.