Nytro

Shmoocon 2013: Wipe The Drive!!! - Techniques For Malware Persistence


For more information and to download the video visit: ShmooCon 2013 - February 15-17 - ShmooCon 2013

Playlist Shmoocon 2013: Shmoocon 2013 - YouTube

Speakers: Mark Baggett | Jake Williams

Let's face it: sooner or later you will be owned. As a security professional, you (should) know that the best plan is to format the system drive, reinstall the operating system, and start over. But management has another plan. They know that rebuilding infrastructure from scratch involves costly downtime. The temptation to remove the obvious malware and declare the system clean is strong.

In this session, we'll demonstrate eight less than obvious techniques that can be used to install secondary persistence mechanisms on a compromised Windows system.

The point of the session is not to address specific techniques that can be used as secondary persistence mechanisms for malicious actors. The idea is to conclusively demonstrate that techniques of this type exist that hide deep in the registry and other system settings. We will show that these techniques hide even from memory forensics, the holy grail of "clean system" confirmation.

Not that we consider it a substitute for formatting and re-installing the operating system, but we will be releasing a script that checks for the use of these specific techniques.
