Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

DCART - Decoupled Components for Automated Ransomware Testing

Hack In The Box Security Conference via YouTube

Overview

Explore the development of a behavioral ransomware detonation and detection framework in this conference talk from the Hack In The Box Security Conference. Learn about the challenges of controlled ransomware testing and the innovative approach of decoupling detonation and detection components. Discover the design process, implementation details, and testing methodology for this framework, which will be open-sourced. Gain insights into ransomware modification patterns, behavioral detection techniques, and the limitations of current testing methods. Delve into topics such as event tracing, minifilter drivers, file access auditing, and automation in ransomware analysis. Benefit from the speaker's expertise in malware research and reverse engineering as you examine practical demonstrations and real-world applications of this framework against known ransomware families.

Syllabus

Introduction
Overview
Ransomware
Ransomware Modification Patterns
Behavioral Ransomware Detection
Behavioral Ransomware Testing
Limitations
Event Traces
Event Listener
Event Race Format
File Access Auditing
MiniFilter Driver
MiniFilter Framework
Analysis Objectives
Entropy
File Header
File Rename
Demo
Log File
Log File Analysis
Automation
Limitations of Automation

Taught by

Hack In The Box Security Conference

Reviews

Start your review of DCART - Decoupled Components for Automated Ransomware Testing

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.