BruCON 0x0A has ended
Thursday, October 4 • 12:00 - 13:00
$SignaturesAreDead = “Long Live RESILIENT Signatures” wide ascii nocase

Signatures are dead, or so we're told. It's true that many items that are shared as Indicators of Compromise (file names/paths/sizes/hashes and network IPs/domains) are no longer effective. These rigid indicators break at the first attempt at evasion. Creating resilient detections that stand up to evasion attempts by dedicated attackers and researchers is challenging, but is possible with the right tools, visibility and a methodical (read: iterative) approach.

As part of FireEye's Advanced Practices Team, we are tasked with creating resilient, high-fidelity detections that run across hundreds of environments and millions of endpoints. In this talk we will share insights on our processes and approaches to detection development, including practical examples derived from real-world attacks.

Speakers
Daniel Bohannon

Matthew Dunwoody (@matthewdunwoody) and Daniel Bohannon (@danielhbohannon) are Applied Security Researchers with FireEye’s Advanced Practices Team, where they research attacker activity and develop effective detection signatures and processes (among other things). Matthew previously...
Matthew Dunwoody

Thursday October 4, 2018 12:00 - 13:00 CEST
01. Westvleteren University