Level: Advanced Subject Matter

Abstract:
In this workshop we will walk through the analysis of an APT28 attack chain together. It will feature a then-0-day Microsoft Office exploit and a few other file formats as well as a look at the infrastructure behind the attack.

Requirements:
Please bring a laptop with a charged battery. You will be handling real-world malware (you act at your own risk; no backup, no pity). I recommend using a virtual machine (e.g. FLARE-VM, REMnux). No special tooling is required; make sure to have the basics (text and hex editor, browser, ZIP utility) installed. No photos during the workshop, please; you will receive a copy of the slides.

Bio:
Marius Genheimer aka f0wL specializes in digital forensics, incident response and malware analysis. He is responsible for threat research on the SECUINFRA Falcon team.
