Dissecting Non-Malicious Artifacts: One IP at a Time

Thursday, September 27, 2018
11:00AM-12:00PM PDT

Dissecting Non-malicious Artifacts: One IP At A Time, by Ido Naor & Dani Goland

For years, anti-malware solutions at many levels of the network have relied on online anti-virus aggregation services and online sandboxes to extend their detection level and identify unknown threats. But this power booster comes with a price tag. Enterprises all over the world are using security solutions that, instead of protecting the data, suspect it of being malicious and share it with online multi-scanners.

The result is drastic. What separates a hacker from extracting all that data on a daily basis is a couple of hundred euros a month, a price that could easily be covered if that hacker finds a man of interest. In just a couple of days, one skilled hacker can build an intelligence platform that could be sold for 10 times the money they invested.

The data is being leaked daily and the variety is endless. In our research, we dived into these malware-scanning giants and built sophisticated Yara rules to capture non-malicious artifacts and dissect them for secrets you never thought could get out of their chamber.

But that's not all. We will show how we built an intelligence tool that, upon insertion of an API key, will auto-dissect a full dataset. We reveal the awful truth about allowing internally installed security products to be romantically involved with online scanners.


Ido Naor

Ido Naor is a Senior Security Researcher at GReAT, a team of researchers tasked by Kaspersky Lab with investigating the most prolific APT incidents, ransomware distribution, banking heists and other types of internet hacking monsters. Ido focuses on threats in the Middle East and actively follows hackers who aim to demolish the lives of citizens and public institutions.

Dani Goland

Dani Goland is a 23-year-old coding machine. Dani recently relocated from Israel to the US to study Data Science at the University of California, Berkeley. During his studies, he founded VirusBay, a collaborative malware research community which skyrocketed to over 1200 researchers.




