Detecting Persistence Mechanisms
- Thursday, January 10th, 2013 at 1:00 PM EST (18:00:00 UTC)
- Alissa Torres
Persistence mechanisms are techniques used by malware to increase survivability on compromised host systems. For an incident responder, the identification of specific artifacts created by such techniques can provide excellent insight into the function of the malicious code. In fact, these host-based artifacts aid in unraveling the adversary's methodologies and the subsequent identification of other compromised systems on the network. This presentation will cover both common persistence mechanisms, such as modified registry keys, Windows service persistence and other methods seen in past campaigns, and newer techniques from malware hitting today's enterprises. Also during this hour, several tools useful in isolating and identifying persistence indicators will be introduced. This session covers key skills needed on effective security teams and is a "must attend" webcast for those working in the IR profession.
Alissa Torres is a SANS Analyst and certified SANS instructor specializing in advanced computer forensics and incident response (IR). She has extensive experience in information security in the government, academic and corporate environments. Alissa has served as an incident handler and as a digital forensic investigator on an internal security team. She has taught at the Defense Cyber Investigations Training Academy (DCITA), delivering IR and network basics to security professionals entering the forensics community. A GIAC Certified Forensic Analyst (GCFA), Alissa holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+ certifications.