DEF CON 27 - From EK to DEK: Analyzing Document Exploit Kits
Exploit Kits haven’t disappeared, they’ve simply moved to Microsoft Office. Traditional Exploit Kits (EKs) have the ability to fingerprint and compromise web browser environments, but with the advent of sandboxing and advanced security measures, there has been a shift toward using the Microsoft Office environment as a primary attack surface. Document Exploit Kits (DEKs) leverage DCOM, ActiveX controls, and logic bugs to compromise machines by packing multiple exploits into a single file.
In this workshop you will learn how to analyze exploits, shellcode, and infection chains produced by modern Document Exploit Kits such as ThreadKit and VenomKit.
- DEF CON 27 - From EK to DEK: Analyzing Document Exploit Kits - Slides (WARNING: PDF)
- DEF CON 27 - From EK to DEK: Analyzing Document Exploit Kits - Workshop Manual (WARNING: PDF)
RSAC 2017 - Tracking Ransomware - Using Behavior to Find New Threats
This hands-on interactive lab (bring your own laptop) will explore the latest ransomware trends and how to defend your enterprise against this threat. Attendees will understand what is ransomware, the attack vectors and the commonalities between variants. They will learn the skills to find and track new ransomware with dynamic analysis of behavior, and what is the sophistication of the perpetrators.
Video Tutorial: WinDbg Basics for Malware Analysis
Open Analysis Live was kind enough to have me on to talk about the basics of debugging malware with WinDbg. In my opinion, this is the best YouTube channel on the internet for all things related to malware analysis. Please support their channel!