Hiding in Plain Sight: When Malware Abuses Legitimate Services for Communications

  • Friday, April 21st, 2017 at 11:00 AM EDT (15:00:00 UTC)
  • Josh Reynolds
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account.

Sponsor

  • Cisco Systems

Overview

Malicious actors increasingly use modern hosting providers, such as Pastebin and Imgur, to quickly and effectively serve malicious content to users. Hosting malicious content on legitimate services makes it easier for threat actors to get past traditional defenses and blacklisting. Hosting providers find it difficult to detect malicious content within their services because of the obfuscation techniques threat actors use and the massive amount of content the providers host. Although the content can be inspected, it is not possible for networks to block these domains and IP addresses, as they're legitimate services.

This webinar will give you a glimpse into a number of modern malware variants abusing hosting services and discuss how they can be stopped.

In this technical webinar you will learn:

1. The type of hosting services that threat actors are abusing
2. The type of communications these services are being leveraged for
3. Common obfuscation and evasion mechanisms used within these communication channels when abusing cloud hosting services

Speaker Bio

Josh Reynolds

Joshua Reynolds is part of the Research & Efficacy Team at Cisco Systems, which helps increase the detection capabilities of the AMP for Endpoints and AMP Threat Grid product lines through a number of development efforts. He has spoken at BSides Calgary, RSAC, and SecRETs about his ransomware research efforts.

Joshua joined Cisco Systems, Inc. through the Sourcefire, Inc. acquisition where he performed quality assurance for the AMP for Endpoints product line.

Prior to joining Sourcefire, Joshua interned at Red Hat Asia Pacific's Penetration Testing team while finishing his Bachelor's degree in Information Technology at Griffith University in Australia.

Joshua also holds a diploma of Information Technology from the Southern Alberta Institute of Technology where he graduated with honors.
