Overview
Dive into a comprehensive analysis of SHADOWPAD, a sophisticated Chinese espionage malware-as-a-service, in this 41-minute conference talk from the Hack In The Box Security Conference. Explore the evolution of SHADOWPAD from its emergence in 2015 as the successor to PlugX, through its involvement in infamous supply-chain attacks like CCleaner, NetSarang, and ShadowHammer. Gain insights into its plugin-based design, runtime extensibility, and the limited set of customers who have access to this privately shared malware. Discover the findings of SentinelLabs' extensive study on SHADOWPAD's origin, usage, and business model, including technical details, user clusters, and the potential pricing structure for its plugins. Learn how SHADOWPAD's emergence has influenced the attack strategies of China-based threat actors and impacted the landscape of Chinese espionage attacks. Benefit from the expertise of speakers Yi-Jhen Hsieh and Joey Chen, experienced threat intelligence researchers from SentinelOne, as they share their in-depth knowledge on malware analysis, APT investigations, and emerging threats in the cybersecurity landscape.
Syllabus
#HITB2021SIN D1T1 SHADOWPAD: Chinese Espionage Malware-as-a-Service - Yi-Jhen Hsieh & Joey Chen
Taught by
Hack In The Box Security Conference