Using Malware Analysis to Explore the Potential of Malware Vaccination

  • Tuesday, November 14th, 2017 at 11:00 AM EST (16:00:00 UTC)
  • Lenny Zeltser
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


Some malicious software is designed to avoid infecting the system more than once by looking for predefined infection markers. Incident responders can vaccinate endpoints against such malware families by distributing the corresponding markers across the enterprise. The vaccines can take the form of specific registry keys, file names, mutex objects, and so on. Incident responders and threat hunters already know to treat such artifacts as indicators of compromise (IOCs). Vaccination entails using some IOCs to not only detect, but also prevent infections. This webinar will show how, by examining malware, analysts can derive potential infection markers. It will also examine the potential for and limitations of vaccination and will explore several samples that could be controlled using this technique.
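An added sketch of the file-marker case described above, not taken from the webcast or its slides: it plants marker files and keeps a manifest so that a later IOC sweep can tell planted vaccines apart from markers that may indicate a real infection. The marker names, family labels and manifest format are assumptions constructed for the example; registry and mutex markers need Windows APIs and are not covered.

```python
import json, tempfile
from pathlib import Path

# Constructed marker names for two hypothetical families; real markers come
# from analysing the sample, not from this list.
MARKERS = {"family_a": "sysupd.lock", "family_b": "cache/.installed"}

def vaccinate(root: Path, manifest: Path) -> dict:
    """Plant each file marker under root and record what was planted."""
    planted = json.loads(manifest.read_text()) if manifest.exists() else {}
    for family, rel in MARKERS.items():
        target = root / rel
        if target.exists():
            continue  # never overwrite: an existing marker may be a real infection
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()
        target.chmod(0o444)  # read-only to discourage accidental modification
        st = target.stat()
        planted[rel] = {"family": family, "mtime_ns": st.st_mtime_ns, "size": st.st_size}
    manifest.write_text(json.dumps(planted, indent=2))
    return planted

def classify(root: Path, manifest: Path) -> dict:
    """IOC sweep that separates planted vaccines from possible infections."""
    planted = json.loads(manifest.read_text()) if manifest.exists() else {}
    result = {}
    for family, rel in MARKERS.items():
        target = root / rel
        if not target.exists():
            result[family] = "unprotected"
            continue
        st, rec = target.stat(), planted.get(rel)
        # mtime and size are a lightweight tamper hint, not proof of origin.
        same = rec and rec["mtime_ns"] == st.st_mtime_ns and rec["size"] == st.st_size
        result[family] = "vaccinated" if same else "investigate"
    return result

def demo() -> list:
    with tempfile.TemporaryDirectory() as tmp:
        root, manifest = Path(tmp) / "host", Path(tmp) / "manifest.json"
        # Constructed scenario: family_b's marker exists before vaccination.
        (root / "cache").mkdir(parents=True)
        (root / "cache/.installed").write_text("x")
        before = classify(root, manifest)
        vaccinate(root, manifest)
        return [before, classify(root, manifest)]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A marker that is present but missing from the manifest is reported as `investigate`, which keeps the IOC useful for detection after vaccines have been distributed.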

Tune in to this educational webinar to learn about the potential of malware vaccination and expand your perspective on the role of malware analysis in the context of incident response and threat hunting. The session will be conducted by Lenny Zeltser, who has co-authored and teaches FOR610: Reverse-Engineering Malware at SANS and builds anti-malware products at Minerva Labs!

Speaker Bio

Lenny Zeltser

Lenny Zeltser has written his share of cybersecurity reports and other content during his tenure in the industry. He'll share with you the writing tips he has picked up along the way. Lenny is a senior faculty member at SANS and VP of Products at Minerva Labs. Earlier in his career, he served as a Director of Product Management at a Fortune 500 company with a focus on security software and services. Previously, he led the enterprise security consulting practice at a major cloud services provider. A frequent public speaker and writer, Lenny has co-authored books on network security and malicious software. Lenny holds an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania. He blogs at
