Bit by Bit Analysis of a Java Zero Day Exploit: Methods and Lessons Learned

In this unique webinar, we are going to perform a forensic analysis of malware that exploits the recent Java 0-day vulnerability you’ve been hearing so much about. My co-panelist is Marc Bleicher. Marc is a Sr. Incident Response Consultant at CarbonBlack, and this guy is beyond technical. Check out his LinkedIn profile: this long-time forensics expert plays with malware for a living.
The exploit we are going to profile is a real piece of malware caught “in the wild”. We are going to release it on an isolated lab system and profile its behavior as it activates and then detonates. Using a variety of standard tools, we will document the registry and file system changes it makes and the child processes it spawns.
It’s going to be fascinating to watch real malware exploit such a current vulnerability, but this is about more than fun. We are going to learn a lot:
  • How does malware work?
  • What forensic tools can you use to reveal what a piece of malware does?
  • What does this teach us about how to stop malware in its tracks?
  • And more
We’ll see how the malware gets on the system in the first place and then what it does.
One of the other things we’ll see firsthand, though, is that you have to have your forensic tools active and the “cameras rolling” before the sample runs to profile malware this way. You can’t perform this kind of before-and-after analysis on a system that has already been compromised, because there is no baseline to compare against and the transient evidence is gone.
Or is it? What Marc will demo next is pretty cool. CarbonBlack’s endpoint security agent keeps a running cache of forensic telemetry on each endpoint (process starts, file writes, registry changes) which can be retrieved and analyzed after the fact. It’s almost like an investigator being able to go back in time and install security cameras at a crime scene right before the murder.
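To make the “cameras rolling” point concrete, here is an added example of the kind of before/after snapshot diffing described above; it is not the webinar’s tooling or CarbonBlack’s, just illustrative PowerShell for a Windows lab VM. The watched directories, the autostart registry keys and the output file names are assumptions chosen for illustration.

```powershell
# Added example, not from the webinar: snapshot autostart registry keys, a few
# user-writable directories, and the process list before and after detonation,
# then diff the two. Directories and keys below are assumptions for illustration.

$Watch = @($env:APPDATA, $env:TEMP, $env:ProgramData)    # assumed directories to monitor
$RegKeys = @(                                             # common persistence locations
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SYSTEM\CurrentControlSet\Services'
)

function Get-Snapshot {
    # Files: path plus SHA256, so a file modified in place shows up, not only new files
    $files = foreach ($dir in $Watch) {
        Get-ChildItem -Path $dir -Recurse -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
                "$($_.FullName)|$hash"
            }
    }

    # Registry: every value directly under each key and its immediate subkeys
    # (service ImagePath values live one level below the Services key)
    $reg = foreach ($path in $RegKeys) {
        $keys = @(Get-Item -Path $path -ErrorAction SilentlyContinue) +
                @(Get-ChildItem -Path $path -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                "$($key.Name)|$name|$($key.GetValue($name))"
            }
        }
    }

    # Processes: PID, parent PID, image name and command line, so new children
    # can be tied back to the process that spawned them (e.g. the Java process)
    $procs = Get-CimInstance -ClassName Win32_Process | ForEach-Object {
        "$($_.ProcessId)|$($_.ParentProcessId)|$($_.Name)|$($_.CommandLine)"
    }

    [pscustomobject]@{
        Taken     = Get-Date
        Files     = @($files)
        Registry  = @($reg)
        Processes = @($procs)
    }
}

function Compare-Snapshot {
    param($Before, $After)
    foreach ($section in 'Files', 'Registry', 'Processes') {
        Compare-Object -ReferenceObject $Before.$section -DifferenceObject $After.$section |
            ForEach-Object {
                $tag = if ($_.SideIndicator -eq '=>') { 'ADDED  ' } else { 'REMOVED' }
                "[$section] $tag $($_.InputObject)"
            }
    }
}

# Usage: the baseline MUST be taken before the sample runs; afterwards there is
# nothing to compare against.
$before = Get-Snapshot
$before | Export-Clixml -Path .\before.xml        # keep the baseline off the VM as well

# ... open the malicious page / run the sample inside the isolated VM ...

$after = Get-Snapshot
Compare-Snapshot -Before $before -After $after | Tee-Object -FilePath .\delta.txt
```

The diff lists every new or changed file under the watched directories, every new autostart or service value, and every process that appeared or disappeared with its parent PID. The caveat a practitioner should keep in mind is that snapshot diffing only catches what is still there at the second snapshot: a dropper that deletes itself, or a child process that exits in a second, leaves no trace in the delta. That is exactly why the session pairs this approach with continuous recording tools and, as Marc will show, with endpoint telemetry that was being collected all along.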
Please register now and join us for this absorbing session of real-training-for-free™!
