Overview
Explore a 31-minute Black Hat conference talk on the process by which commodity malware is reclassified for targeted attacks. Learn how security operations centers and incident response teams often misclassify breaches as "untargeted," potentially missing crucial opportunities for threat elimination. Examine the techniques and procedures attack groups use to migrate compromised endpoints from commodity threat platforms to valuable-target platforms. Discover methods to detect when commodity threats are undergoing migration, and see how this knowledge can enhance incident response efficiency. Gain insights into analyzing endpoint and network data captured during these reclassification operations, and understand the implications for organizational security.
Syllabus
Watching Commodity Malware Get Sold to a Targeted Actor
Taught by
Black Hat