Overview
Syllabus
Intro
Why This Talk?
Fileless Malware - A Brief History
Types of "Fileless" Malware
Stages of A Malware Infection
Malware: Droppers vs. Payloads
Delivery Stage
Execution Stage
Interesting Execution Mechanisms
Persistence Stage
Common Persistence Mechanisms
Interesting Persistence Mechanisms
Example Trickbot Campaign
Password Protected Word Doc
Payload - Trickbot
Poweliks - Delivery
Poweliks - Persistence
Normal DNS Forwarding
Stage 2 - Persistence for Stage 3?
Stage 2 - PowerShell
Stage 4 - Command Retrieval
Command & Control
Stage 4 - Command Output
Fileless Malware - Defense