YoVDO

To Catch a Spy - Tyler Hudak

Offered By: YouTube

Tags

Conference Talks Courses Cybersecurity Courses Digital Forensics Courses Threat Detection Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore advanced techniques for detecting and analyzing sophisticated malware and espionage tools in this 49-minute conference talk from Derbycon 7. Delve into topics such as the Vault7 "Year Zero" Wikileaks dump, IFEO and Sticky Keys backdoors, registry auditing, and Windows shell extensions. Learn about malicious persistence methods, forensic examination techniques, and DLL search order exploitation. Examine Windows boot sequence vulnerabilities, bootkits, and process hollowing. Gain insights into detection methods using tools like Volatility and discover valuable resources for further investigation into cyber espionage tactics.

Syllabus

Intro
Vault7 "Year Zero" Wikileaks Dump
Prerequisites
IFEO
Sticky Keys Backdoor
Logging - Registry Auditing
Windows Shell
Registering an Extension
Shell Extension Persistence
Malicious Extension
HKCR with HKCU Extensions
Forensic Examination
DLL Search Order
Exploitation
Detection - Examine Loaded DLLs
Windows Boot Sequence
Bootkit
Carperb Capabilities
VBR Verification
Hollowing
Advantages
Detection - Volatility - hollowfind
Resources


Related Courses

Windows Server 2016 Security Features
Microsoft via edX Detecting and Mitigating Cyber Threats and Attacks
University of Colorado System via Coursera Threat Detection: Planning for a Secure Enterprise
Microsoft via edX Microsoft Professional Capstone : Cybersecurity
Microsoft via edX Cyber Security Operations (Cisco CCNA)
The Open University via FutureLearn