DCART - Decoupled Components for Automated Ransomware Testing
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Explore the development of a behavioral ransomware detonation and detection framework in this conference talk from the Hack In The Box Security Conference. Learn about the challenges of controlled ransomware testing and the innovative approach of decoupling detonation and detection components. Discover the design process, implementation details, and testing methodology for this framework, which will be open-sourced. Gain insights into ransomware modification patterns, behavioral detection techniques, and the limitations of current testing methods. Delve into topics such as event tracing, minifilter drivers, file access auditing, and automation in ransomware analysis. Benefit from the speaker's expertise in malware research and reverse engineering as you examine practical demonstrations and real-world applications of this framework against known ransomware families.
Syllabus
Introduction
Overview
Ransomware
Ransomware Modification Patterns
Behavioral Ransomware Detection
Behavioral Ransomware Testing
Limitations
Event Traces
Event Listener
Event Race Format
File Access Auditing
MiniFilter Driver
MiniFilter Framework
Analysis Objectives
Entropy
File Header
File Rename
Demo
Log File
Log File Analysis
Automation
Limitations of Automation
Taught by
Hack In The Box Security Conference
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network