Learn real-world skills from real-world cyber security practitioners. View upcoming Live Online Events.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Family Matters: Practical Malware Family Identification for Incident Responders

  • Wednesday, March 18, 2020 at 10:30 AM EDT (2020-03-18 14:30:00 UTC)
  • Jacob Williams, Tamas Boczan


  • VMRay

You can now attend the webcast using your mobile device!



The vast majority of malware samples used in cybercrime belong to commercial malware families. Although the number of individual malware samples is enormous, the number of families they belong to is much more manageable. Identifying and tracking activity of these malware families not only speeds up the analysis of individual samples, but also helps incident responders think systematically about incoming attacks, achieving a more accurate high-level view of the threats they face.

In this webcast attendees will learn the characteristics of a malware family is and practical identification techniques. Attendees will also learn about how family-specific information can be used in improving response to individual incidents, and tracking malware families to build a more complete view of the threat landscape.

Speaker Bios

Jacob Williams

Jacob Williams is a SANS Analyst, certified SANS instructor, course author and designer of several NetWars challenges for use in SANS' popular, "gamified" information security training suite. Jake spent more than a decade in information security roles at several government agencies, developing specialties in offensive forensics, malware development, and digital counter-espionage. Jake is the founder of Rendition InfoSec, which provides penetration testing, digital forensics and incident response, expertise in cloud-data exfiltration and the tools and guidance to secure client data against sophisticated, persistent attack on-premises and in the cloud.

Tamas Boczan

Tamas is a Senior Threat Analyst at VMRay. He is responsible for finding and analyzing relevant malware samples and improving VMRay's detection capabilities. Prior to VMRay, Tamas researched evasive malware and developed a malware analysis sandbox at an Anti-Virus company.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.