

This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Using Malware Analysis to Explore the Potential of Malware Vaccination

  • Tuesday, November 14, 2017 at 11:00 AM EST (2017-11-14 16:00:00 UTC)
  • Lenny Zeltser



Some malicious software is designed to avoid infecting the system more than once by looking for predefined infection markers. Incident responders can vaccinate endpoints against such malware families by distributing the corresponding markers across the enterprise. The vaccines can take the form of specific registry keys, file names, mutex objects, and so on. Incident responders and threat hunters already know to treat such artifacts as indicators of compromise (IOCs). Vaccination entails using some IOCs to not only detect, but also prevent infections. This webinar will show how, by examining malware, analysts can derive potential infection markers. It will also examine the potential for and limitations of vaccination and will explore several samples that could be controlled using this technique.

Tune in to this educational webinar to learn about the potential of malware vaccination and expand your perspective on the role of malware analysis in the context of incident response and threat hunting. The session will be conducted by Lenny Zeltser, who has co-authored and teaches FOR610: Reverse-Engineering Malware at SANS and builds anti-malware products at Minerva Labs!

Speaker Bio

Lenny Zeltser

Lenny Zeltser has written his share of cybersecurity reports and other content during his tenure in the industry. He'll share with you the writing tips he has picked up along the way. Lenny is a senior faculty member at SANS and VP of Products at Minerva Labs. Earlier in his career, he served as a Director of Product Management at a Fortune 500 company with a focus on security software and services. Previously, he led the enterprise security consulting practice at a major cloud services provider. A frequent public speaker and writer, Lenny has co-authored books on network security and malicious software. Lenny holds an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania. He blogs at
