Dissecting Non-Malicious Artifacts: One IP at a Time (Black Hat Conference 2018)

For years and years, anti-malware solutions, across many levels of the network, have been assisted by online anti-virus aggregation services and online sandboxes to extend their detection level and identify unknown threats. But, this power booster comes with a price tag. Even today, enterprises all over the world are using security solutions that instead of protecting the data, are suspecting it as malicious and sharing it with online multi-scanners. The result is drastic. What separates a hacker from extracting all that data on a daily basis is a couple of hundreds euros, monthly. A price which could be covered easily if that hacker finds a man of interest. In just a couple of days, one skilled hacker can build an intelligence platform that could be sold in 10 times the money they invested.
The data is being leaked daily and the variety is endless. In our research, we dived into these malware-scanning giants and built sophisticated Yara rules to capture non-malicious artifacts and dissect them from secrets you've never thought possible of getting out of their chamber. But that's not all. We will show the audience how we built an intelligence tool, that upon insertion of an API key, will auto-dissect a full dataset. In our talk, we reveal the awful truth about allowing internally installed security products to be romantically involved with online scanners.


Dani Goland

Dani Goland is a 23 year old coding machine. At the age of 20, he founded his own boutique company for innovative software and hardware solutions. While gaining experience in the business field, Dani did not neglect his hands-on capabilities. In just a short while, he won two coding competitions, one of which was held by eBay. Dani recently relocated from Israel to the United States to study Data Science at the prestigious University of California, Berkeley. During his studies, Dani founded VirusBay, a collaborative malware research community which skyrocket amongst the global security community with over 1200 researchers. After serving in the Israeli Defense Forces as a commander of a Field Intelligence unit, Dani went on an eight month journey across South America. He loves snowboarding, music concerts, and having crazy, breathtaking experiences such as spending five days in the Bolivian Jungle with no food or water.

Ido Naor

Ido Naor is a Senior Security Researcher at GReAT, a team of researchers who've been tasked by Kaspersky Lab to investigate the most prolific APT incidents, ransomware distribution, banking heists and other type of internet hacking monsters. Ido's focusing on threats in the middle east and is actively following groups of hackers who aim to demolish the ordinary lives of citizens and public/gov institutes. During his work at Kaspersky, Ido founded VirusBay, a collaborative malware research community which skyrocket amongst the global security community with over 1200 researchers. Ido is 31 years old, a martial arts experts and a father of 3 who lives in Tel Aviv, Israel. He served at one of the most notorious intelligence special ops military unit, as a combatant, commander and later on as a Krav Maga instructor.

Detailed Presentation:

(Source: Black Hat USA 2018, Las Vegas)

Views: 138

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform

© 2020   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service