YoVDO

Hunting for Memory Resident Malware

Offered By: YouTube

Tags

Conference Talks Courses Cybersecurity Courses Malware Analysis Courses APIs Courses Memory Forensics Courses

Course Description

Overview

Explore techniques for detecting memory resident malware in this 27-minute conference talk from Derbycon 7. Learn about the importance of memory hunting, attacker techniques, and post-breach detection methods. Discover how to use .NET reflection for malware detection, including a demonstration of running a detection script. Examine the challenges of CLR hooking and gain insights from Microsoft Threat Intelligence. Conclude with a Q&A session to deepen your understanding of memory-based malware detection strategies.

Syllabus

Intro
Overview
Why is memory hunting important
Attacker techniques
API
Post Breach Detection
Dotnet Reflection
Dotnet Reflection Script
Running the Script
Venting Sources
Microsoft Threat Intelligence
The Problem
CLR Hook
Conclusion
Questions


Related Courses

OS Analysis with Volatility
Pluralsight Getting Started with Memory Forensics Using Volatility
Pluralsight Advanced Malware Analysis: Redux
Cybrary Introduction to Memory Forensics with Volatility 3
DFIRScience via YouTube Taking Memory Forensics to the Next Level
New York University (NYU) via YouTube