Explore the intricacies of malware detection and signature-based security in this conference talk from GrrCon 2018. Delve into the history of security, the evolution of malware, and the challenges of signature-based detection methods. Learn about bypass techniques, modern malware trends, and the impact on various sectors, including healthcare. Examine different approaches to malware detection, including monitoring processes, machine learning, and statistical models. Discover the limitations of signature-based detection and explore alternative methods such as sandboxing, threat modeling, and behavioral analysis. Gain insights into customizing sandboxes, identifying key indicators like file drops and process IDs, and understanding the role of web filtering and Microsoft's security toolkit. Conclude with a discussion on the future of malware detection and participate in a Q&A session to further enhance your understanding of this critical cybersecurity topic.
Overview
Syllabus
Start
Kens background
History of security
Malware
Signatures
Bypass signature detection
How malware is today
Semantics
Healthcare
ZDI
Signature Index
My favorite hacker movies
Telephone method
Signature
Monitoring
Processes
Watch processes
Machine learning
Signature model
Business model
Statistical model
Silver Bullet
Threat Model
Crypto Mining
I got something different
My real name
Run it right
Sandbox
Customizing the sandbox
Key logger
File drops
Process IDs
Trend Slide
Web Filtering
Microsoft
Microsoft Toolkit
The Sandbox
Wrapup
Bringing it back
Conclusion
Questions
