
Fileless Malware Fun

  • Wed, May 29, 2019 - 11:00 am Singapore / 12:00 pm Tokyo / 1:00 pm Sydney
  • Hal Pomeranz
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


Overview

This webcast will not have a slide deck.

Note: This webcast is free of charge; however, a SANS portal account is required (see the webcast link for details).

SANS Asia-Pacific Webcast Series- Fileless Malware Fun

Come join SANS Fellow Hal Pomeranz on an expedition into the "fileless" persistence mechanism of the Kovter malware. Registry hacks, JavaScript, PowerShell, shellcode, and obfuscated binaries: we've got all of that and more! Come learn some of the typical strategies used by fileless samples, and some tricks for cutting through all of the confusion and getting to your analysis more rapidly.

Speaker Bio

Hal Pomeranz

Hal Pomeranz is an independent digital forensic investigator who has consulted on cases ranging from intellectual property theft, to employee sabotage, to organized cybercrime and malicious software infrastructures. He has worked with law enforcement agencies in the United States and Europe, and with global corporations.

While perfectly at home in the Windows and Mac forensics world, Hal is a recognized expert in the analysis of Linux and Unix systems, and has made key contributions in this domain. His EXT3 file recovery tools are used by investigators worldwide. His research on EXT4 file system forensics provided a basis for the development of open source forensic support for this file system. Hal has also contributed a popular tool for automating Linux memory acquisition and analysis. But Hal is fundamentally a practitioner, and that's what drives his research. His EXT3 file recovery tools were the direct result of an investigation, recovering data that led to multiple indictments and successful prosecutions.

Raised in the Open Source tradition, Hal shares his most productive tools and techniques with the community via his GitHub and blogging activity. And nobody can show you how to forensicate with Open Source tools like Hal!
