Drop It Like It's Qbot: Separating malicious droppers, loaders, and crypters from their payloads for better initial access detection

Video Link: https://www.youtube.com/watch?v=gk7fCC5RiAQ



Duration: 34:50


SANS Blue Team Summit 2023
Speaker: Stef Rand, Intelligence Analyst, Red Canary

This talk will delve into the differences between malware delivery vehicles (droppers, downloaders, and crypters) and their payloads. It is common in the industry to track malicious payloads, but less common to pin down exactly where the delivery vehicle stops and the payload starts. Using threat intelligence to identify and track the boundary between the two can pay big dividends in early initial access detection. For example, crypters are a type of software used to encrypt, obfuscate, and transform malicious payloads to make them harder to detect. In this talk you'll hear about one crypter that is used to deliver many threats, including Remcos, RedLine, and AsyncRAT. Identifying and tracking this crypter's unique behavior means it can be detected earlier in the infection chain, even before it delivers its payload. You will leave the talk understanding how you can use threat intelligence to pinpoint and track malware delivery vehicles, as in the example above. You'll be armed with specific detection opportunities for droppers, loaders, crypters, and current prevalent threats like Qbot. This talk is for a wide audience, from those new to cybersecurity to experienced security analysts.

View upcoming Summits: http://www.sans.org/u/DuS