Cyber attacks continue to increase in severity and sophistication. A new era of attacks has become more ubiquitous and dangerous in nature. Malware has become much better at hiding its presence on the host machine. However, one place it cannot hide for long is in the volatile memory of the computer system. The purpose of this talk is to show exactly how to conduct advanced forensics on volatile memory to extract relevant artifacts and indicators of compromise, and how to interface with a new Actionable Cyber Threat Intelligence Engine I have built and released to the community to better hunt and identify new indicators of compromise across enterprise networks.
Presented at Security Fest 2018. Speaker: Solomon Sonya