HNNEpisode124

From Paul's Security Weekly

Hack Naked News #124

Recorded May 16, 2017 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Amanda Rousseau, Endgame

    Ransomware Expert Commentary: Amanda Rousseau, Endgame

    Amanda is a Senior Malware Researcher at Endgame and was previously a Malware Researcher and Technical Lead for dynamic behavior detection on both Windows and OS X platforms at FireEye. She has worked on government and commercial incident response engagements and forensic investigations in her previous roles. She has also spent time at the Department of Defense Cyber Crime Center as a malware reverse engineer and computer forensic examiner. Her previous research subjects include malware API sequencing, vehicle embedded computer forensics and exploitation, malware analysis automation, and malware attribution.

    1. Tell us about your background as a malware researcher.
    2. The "perfect storm" that was created is interesting: a remotely exploitable SMB service, a patch issued for supported operating systems, then legacy operating systems, and Microsoft's own advice to disable SMBv1. Is this an anomaly?
    3. It seems as though this malware was not very good, given the kill switch and the use of public exploits and backdoors. Could it have been worse if the authors had been stealthier?
    4. Did you gauge the intent of the malware authors?
    5. Aside from securing your environment properly, how can we detect and prevent threats such as this? Detect the exploit? The exploitation technique? The payload? Beacon traffic? Post-infection behavior? Attempts to encrypt files?
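The second question refers to Microsoft's advice to disable SMBv1. As an added example (not from the episode, its guests, or Paul's Security Weekly), the PowerShell below audits whether a Windows host still offers the SMBv1 dialect and, if asked, turns it off. It assumes Windows 8.1 / Server 2012 R2 or later, where the SmbShare and DISM modules provide the cmdlets used, and an elevated shell; the function names `Get-Smb1Status` and `Disable-Smb1` are this example's own.

```powershell
# Added example, not from the episode or from Paul's Security Weekly.
# Audits and optionally removes SMBv1 on a Windows host. Assumes Windows 8.1 /
# Server 2012 R2 or newer (SmbShare and DISM modules available) and an
# elevated PowerShell session. Function names are this example's own.

function Get-Smb1Status {
    # Server side: does this host still negotiate the SMB1 dialect with clients?
    $serverEnabled = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Feature side: is the legacy SMB1Protocol optional component still installed?
    # (On Server SKUs the equivalent check is Get-WindowsFeature FS-SMB1.)
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ServerSmb1Enabled = $serverEnabled
        Smb1FeatureState  = if ($feature) { [string]$feature.State } else { 'Unknown' }
    }
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $status = Get-Smb1Status

    if ($status.ServerSmb1Enabled -and
        $PSCmdlet.ShouldProcess($status.ComputerName, 'Stop offering the SMBv1 dialect')) {
        # Stops the server from accepting SMB1 connections; takes effect without a reboot.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }

    if ($status.Smb1FeatureState -eq 'Enabled' -and
        $PSCmdlet.ShouldProcess($status.ComputerName, 'Remove the SMB1Protocol feature')) {
        # Removes the legacy client and server binaries; a reboot completes the removal.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }

    # Return the post-change state so the caller can confirm the result.
    Get-Smb1Status
}

# Audit only:
Get-Smb1Status | Format-List

# Remediate (preview with -WhatIf first, since SupportsShouldProcess honors it):
# Disable-Smb1 -WhatIf
# Disable-Smb1
```

Run the audit across a fleet (for example via `Invoke-Command` against a list of hosts) before remediating, because anything that still depends on SMBv1, such as old NAS appliances or multifunction printers that scan to a share, will lose access once the dialect is gone.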