Tag Archives: Malware Persistence

Techniques for Malware Persistence. Part 3.

Jake Williams: So, service failover is the next technique we’re going to talk about. Service failovers are all kinds of cool. We can take an existing service, a legitimate service; I think every forensics professional here knows you got to go through the service – we’re not interested in that. We’re looking at using an actual service failover. So we’re going to piggyback on an existing service, maybe even something cool like antivirus – that’s a big one that you always want to attack. I always liked to attack an antivirus.

Techniques for Malware Persistence. Part 2.

Jake Williams: How many of you guys are government employees or card-carrying members of the infamous CatCard? Yeah, it’s cool – I wouldn’t raise my hand either. So, one of the emails that we got – this is really interesting – actually involved some of the CatCard reader software installed on the “Golden Images” all around some US Government organizations. And so, what turns out is when you put your card in, then it launches the program to handle it.

Wipe the Drive Dude! Techniques for Malware Persistence

Jake Williams: Hi! I’m Jake Williams. I’m a Principal Forensic Analyst for CSRgroup; I’m a SANS Forensics 610 Instructor – that’s, not surprisingly, malware. I’m doing research right now on cloud forensics, and I like to break poorly written software because… who doesn’t?