DCART - Decoupled Components for Automated Ransomware Testing

Explore the development of a behavioral ransomware detonation and detection framework in this conference talk from the Hack In The Box Security Conference. Learn about the challenges of controlled ransomware testing and the innovative approach of decoupling detonation and detection components. Discover the design process, implementation details, and testing methodology for this framework, which will be open-sourced. Gain insights into ransomware modification patterns, behavioral detection techniques, and the limitations of current testing methods. Delve into topics such as event tracing, minifilter drivers, file access auditing, and automation in ransomware analysis. Benefit from the speaker's expertise in malware research and reverse engineering as you examine practical demonstrations and real-world applications of this framework against known ransomware families.