#HITBCyberWeek скачать в хорошем качестве

#HITBCyberWeek

Detonating ransomware is not difficult. However, detonating ransomware in a controlled, repeatable manner for the purposes of testing a behavioral detection framework can be an arduous task. System services, background processes, and other concurrent file system activity may lead to inconsistent true positive detections (e.g. varying level of file / process activity or elapsed time until detection thresholds are met). The best method we have discovered to avoid this variance between test runs is through decoupling the detonation and detection components and carrying out these tasks separately. In this talk, I will guide the audience through the design and development of a behavioral ransomware detonation and detection framework, test the framework against a few well-known ransomware families, and detail a thorough automated testing methodology. I will also be releasing the framework source code to the public on the day of the talk. === Mark is a Senior Malware Researcher at Endgame. Throughout his career in software engineering and computer security, he has served in prominent technical leadership roles in the research and development of advanced computer network operations tools and has provided malware analysis and reverse engineering subject matter expertise to a diverse range of government and commercial clients in the Washington, D.C. metropolitan area.