RATs and IOCs - The Easy Way
Offered By: Security BSides London via YouTube
Course Description
Overview
Explore the world of Remote Access Trojans (RATs) in this 30-minute conference talk from Security BSides London. Delve into the various uses of RATs across the cybersecurity landscape, from novice hackers to advanced persistent threat (APT) actors. Learn about the limitations of dynamic analysis and the advantages of static analysis in extracting RAT configurations. Discover how to leverage tools like Malwareconfig.com to process and analyze RAT configurations, generating valuable threat intelligence such as Snort rules, YARA rules, and Indicators of Compromise (IOCs). Gain insights into creating Python scripts for efficient config extraction and understand how to use this information both offensively and defensively. Explore the future of RAT analysis and the importance of sharing findings with the cybersecurity community.
Syllabus
Intro
What is a RAT
Who Uses RATS: Script Kiddies
Who Uses RATS: APT
Grabbing The Config
Making It Easy Python Scripts
Using The Config: Offensive
Share With The Community
The Future
Taught by
Security BSides London