Conf42: Python 2022

...

Malware Hunting - Using python as attack weapon

Filipi Pires
Cyber Security Evangelist @ senhasegura

Filipi Pires's LinkedIn account Filipi Pires's twitter account


The purpose of this presentation is to use python scripts to perform some tests of efficiency and detection in various endpoint solutions, during our demonstration we`ll show a defensive security analysis with an offensive mind performing an execution some python scripts responsible for downloading some malware in Lab environment. The first objective will be to simulate targeted attacks using a python script to obtain a panoramic view of the resilience presented by the solution, with regard to the efficiency in its detection by signatures, NGAV and Machine Learning, running this script, the idea is to download these artifacts directly on the victim’s machine. The second objective is to run more than one python script with daily malware, made available by MalwaresBazaar upon request via API access, downloanding daily batches of malwares.

With the final product, the front responsible for the product will have an instrument capable of guiding a mitigation and / or correction process, as well as optimized improvement, based on the criticality of the risks.

Article`s reference: https://pentestmag.com/product/pentest-build-your-own-pentest-lab-in-2021/ ( 2x Articles published | Exploitation with Shell Reverse and Infection with PowerShell using VBS File | Zusy Malware using MSI) https://pentestmag.com/product/pentest-powershell-for-pentesters/ ( 2x Articles published | Testing Creative Way Detection and Efficiency in Sophos Security Sensors | Outbreak Infection from Malware Bazaar, undetected by Sophos https://hakin9.org/product/malware-attacks/ (Hunting the Hunters-Detection and Efficiency Testing of Endpoint Security Sensors) https://pentestmag.com/product/pentest-ransomware-prevention/ ( 2x Articles Published | Threat Hunting Labs Engines Problems in Cybereason AV | Infection with Ransomware Using Delay in Applying Policies) https://hakin9.org/product/cyber-threat-intelligence/ (Infection with Malware By Script Python NOT Detected by AV) https://eforensicsmag.com/product/threat-hunting-what-why-how/ (Infection by Outbreak Attack Malicious)

Similar presentations: https://www.youtube.com/watch?v=mJZCNqcO10A&t=51s (NahamCon’s on RTV 2021 - Discovering C&C in Malicious PDFs) https://www.youtube.com/watch?v=nxlqxLWO16k (GrayHat - Red Team Village - 2020- US) - Malware Analysis https://www.youtube.com/watch?v=id7phzfgumg (GrayHat - Red Team Village - 2020 - US) - Pivoting Technique https://www.youtube.com/watch?v=oWkgyPgAMsg (BSIDES DFW - 2020 - US) - Malware Analysis https://youtu.be/-h34cWIf9T8?t=23973 (Hacktivity - Budapest 2020) - Dissecting Malware https://www.youtube.com/watch?v=9S41xfTGQDo (D.C. Cybersecurity Professionals - 2020 - US) - Cyber Threat Hunting: Identify and Hunt Down Intruders https://www.youtube.com/watch?v=yAjvfTYEhOw (D.C. Cybersecurity Professionals - 2020 - US) - Dissecting PDF Files to Malware Analysis https://www.youtube.com/watch?v=0pp6xcFsXgE&feature=youtu.be (HITB -2020 - Hack In The Box Security Conference - Europe) - Threat Hunting

Awesome conferences for

Priority access to all content

Community Discord

Exclusive promotions and giveaways