For an attacker to steal from you, they need persistent access, which means making their command-and-control (C2) channel reliable and resilient to takedown. That is the main reason over 90% of malware uses DNS for command and control and exfiltration.* The good news is that this persistence is something defenders can use against attackers: to find their footholds and then improve how we respond. In this session, geared toward security operators and incident responders, Todd O'Boyle of Strongarm will explain a new approach that goes beyond simply blocking and dropping malware C2 traffic. Attendees will learn how to 'speak malware'. A critical step in knowing how to respond to a threat is being able to communicate with it, to understand where it is operating and what it is trying to do. Maintaining a connection with the infected device yields information that saves analysts time and shortens time to resolution. Attendees will learn how 'speaking malware' can eradicate an infection by turning the malware's own communications against the attacker.
To learn more on this topic, attend the 10th annual SANS Digital Forensics & Incident Response (DFIR) Summit & Training. This training event brings together the most influential group of experts, the highest quality training, and the greatest industry networking opportunities in one place. Over the course of this eight-day training event, you'll enjoy: