Europe 2015: The Best Response

Forensics and incident response: two disciplines in ever-higher demand in today's world of subtle intrusions and stealthy attacks. This trio of Black Hat Europe 2015 Briefings highlights grapple with different aspects of the art of intelligent counter-intelligence.

The Domain Name System that makes the web so human-friendly is highly dynamic and continually changing -- a single domain can return 100 resource records at once. Come to New (and Newly-Changed) Fully Qualified Domain Names: A View of Worldwide Changes to the Internet's DNS to learn about a ground-breaking approach that tames this information fire hose: the creation of two winnowed, real-time data streams, one consisting of newly-observed fully-qualified domain names, and another of DNS changes. These new streams make it easy to identify numerous security-relevant DNS changes and will allow for more timely and effective approaches to combating malicious Internet behavior.

Despite its importance, Microsoft's Application Compatibility Toolkit is not well known to security researchers. It should be, because its rootkit-like behavior can be leveraged to achieve persistence and privilege escalation via Shim Database Files ("shims"). Defending Against Malicious Application Compatibility Shims will demonstrate very advanced techniques such as in-memory patching, malware obfuscation, evasion, and system integrity subversion using malicious shims. Expect extensive information on countermeasures and detection, including the release of a number of specialized tools.

Finally, Linux's increasing ubiquity, particularly in embedded applications, unfortunately makes it more attractive to malware authors. As such, researchers need better tools to analyze rogue programs. That's where Limon comes in. Come to Automating Linux Malware Analysis Using Limon Sandbox for an introduction to Limon, a python-based, open-source sandbox which automatically collects, analyzes, and reports on the run time indicators of Linux malware. Coming up, some thoroughly dissected Linux malware. Let's hope it squirms.

Black Hat Europe 2015 takes place November 10-13 in Amsterdam. Now's a great time to register!

Sustaining Partners