A New Secret Stash For Fileless Malware

Explore the latest advancements in fileless malware attacks and their sophisticated implementation methods in this 43-minute conference talk from Nullcon Goa 2022. Delve into Kaspersky's 2022 discovery of new techniques used to conceal malicious code, with a particular focus on the unprecedented use of Windows event logs in infection chains. Learn how attackers exploit event logging systems to store binary data and execute shellcode, raising concerns about the security of the world's most widely used operating system. Examine the intricate process of how droppers save shellcode into Key Management System event sources and how malicious modules reconstruct and execute this code. Gain insights into the additional tactics employed by actors to obfuscate the infection process, including the patching of Windows API functions related to logging. Enhance your understanding of cutting-edge cybersecurity threats and defense strategies in this informative presentation on fileless malware evolution.