The Malware Management Framework, a process you can use to find advanced malware. We found WinNTI with it!

DerbyCon 3.0 - All In The Family

Presented by: Michael Gough, Ian Robertson
Date: Saturday September 28, 2013
Time: 13:00 - 13:50
Location: Track 4
Track: The 3-Way

“Both CXOs and technical staff should attend this talk. You can throw lots of time and money at scanning your systems for unknown malware, but the reality is that you will only identify a small portion of the bad stuff. Changing the way you approach managing your systems by using this process will help you find malware.

In this presentation we will introduce you to the “Malware Management Framework”, a repeatable process that can identify the most advanced malware on Windows-based systems without signatures or the need to understand anything about the malware. This isn’t whitepaper fluff; this is the real deal straight from the professionals who have dealt with some of the nastiest stuff in the real world, defending real environments. This presentation will discuss the current state of malware and the problems with current detection methods, and share a new process that anyone can set up to assist in malware discovery and remediation.

If malware is a concern in your environment, you need to attend this talk and take away actionable information you can begin using immediately.


Anti-malware and malware detection and prevention solutions currently on the market are failing to detect today’s advanced malware. There were over 110 million new pieces of malware discovered in 2012. has already listed 60 million new malware between Jan-May 2013, exceeding malware numbers for all 2011! The “Malware Management Framework” and this presentation will teach IT and security professionals how to set up a program to easily and inexpensively detect the most sophisticated malware on their systems, or validate a system is malware-free. This approach will save significant dollars on Incident Response and allow companies to move forward after an incident and not be paralyzed by the event. This is not a traditional forensics talk; this is a new innovative methodology proven by the speakers in their current environment with WinNTi and other advanced malware.”

Michael Gough, Ian Robertson

Ian and Michael, aka the “Thoughtful Hackers”, are security professionals and researchers. The duo’s responsible disclosures involve cardkey system exploits and vulnerabilities with leading application whitelisting and file integrity products. Michael’s background includes 20 years of security consulting for Fortune 500 organizations and running BSides Texas. Ian’s background includes security, networking and software development, and was a former CISO for the State of Texas. Now Ian and Michael defend against malefactors and ne’er-do-weller’s trying to do nefarious things and trying to p0wn their employer’s assets.
