Security B-Sides London 2014

29th April 2014 (that’s a Tuesday)
Kensington and Chelsea Town Hall, Hornton Street, London, W8 7NX
Tuesday, April 29 • 3:00pm - 4:00pm
Extracting Configs From Common Remote Access Trojans


Following on from the technical talk - See the matching CfP

This workshop will take you through the steps required to extract and decode the configuration settings from common Remote Access Trojans and create shareable IOCs.

Starting with a group effort, the instructor will lead you through all the steps required using a simple, publicly available RAT. You will be shown how to use simple debugging techniques and a few lines of Python to get the information you require. Finally, you will be shown methods that achieve identical results without looking at a single line of assembly.

Once the group has created a working decoder, each participant will be given their own random sample of a RAT to figure out and decode.

The final wrap-up will deal with creating IOCs for the artifacts you find.

Kevin Breen

Malware Analyst, Independent researcher
Kevin is a Malware and Forensic Analyst working for a large UK CERT. He is interested in all things cyber security and occasionally blogs about such things. Outside of work he is a geek and is keen to contribute to the open source community where he is able. He is also very lucky to have a wife who lets him run his lab at home. Read https://techanarchy.net, tweet @kevthehermit and fork https://github.com/kevthehermit

Tuesday April 29, 2014 3:00pm - 4:00pm
Committee Room 4 The Town Hall, Hornton Street, London W8 7NX