You need a PROcess to check your running processes and modules. The bad guys and red teams are coming after them!
If there is a file on disk, you can easily SEE the bad fu, but what if the malware is nowhere to be found on the disk? Malware can be broken up into several types, and some call this one "fileless malware" (a poor, non-descriptive term). The malware really isn't fileless: the file, or code, lives somewhere, whether in the registry, in the WMI database, or, the focus of this talk, in memory. This talk will focus on Memware: code that has been injected into memory, most likely injected into a running process or loaded as a DLL, and that may not reside on disk while the system is running. Do you have a PROcess to detect, investigate, respond to, and/or hunt for Memware? This talk will walk through some commodity and Red Team examples of how this works and what you can do to address this expanding threat, which is becoming more and more common in commodity malware, Red Team engagements, and of course APT attacks, because it avoids so many security tools. Attendees will leave with ideas and tools that can help them detect, investigate, and hunt for Memware.
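One cheap first check for the "loaded as a DLL but no longer on disk" case described above, as an added example that is not from the talk or its author: walk every process, list its loaded modules, and flag any module whose backing file path is empty or no longer exists. The function name and the skip list are my own choices, and the script assumes an elevated PowerShell session on Windows.

```powershell
# Added example (not the talk's own tooling): flag loaded modules with no file on disk.
# Assumes an elevated PowerShell session on Windows; protected processes and
# 32/64-bit mismatches make $proc.Modules throw, so those are skipped, not reported.
function Find-UnbackedModules {
    param(
        # Kernel-side pseudo-processes that expose no usable module list.
        [string[]]$SkipProcess = @('System', 'Idle', 'Registry', 'MemCompression')
    )
    foreach ($proc in Get-Process) {
        if ($SkipProcess -contains $proc.ProcessName) { continue }
        try { $modules = $proc.Modules } catch { continue }
        foreach ($mod in $modules) {
            $path = $mod.FileName
            # A module with no path, or whose file has been deleted, is worth a look.
            if ([string]::IsNullOrEmpty($path) -or -not (Test-Path -LiteralPath $path)) {
                [pscustomobject]@{
                    ProcessName = $proc.ProcessName
                    PID         = $proc.Id
                    Module      = $mod.ModuleName
                    Path        = $path
                    BaseAddress = ('0x{0:X}' -f $mod.BaseAddress.ToInt64())
                }
            }
        }
    }
}

Find-UnbackedModules | Format-Table -AutoSize
```

Caveat a practitioner should keep in mind: this only catches the crude case where a DLL was loaded through the normal loader and its file was removed afterwards. Reflectively injected code and shellcode never appear in the process module list at all, so finding those means scanning the process address space for executable regions that are not backed by any image, which is the kind of tooling the talk's hunting discussion is about.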