In the first Vault 7 WikiLeaks dump, the documents discussed several different persistence and anti-RE techniques that the CIA supposedly uses to avoid detection and maintain access to systems they compromise. None of these methods are new or undetectable; in fact, all of them have been widely used by malware for years. This talk will discuss each of these techniques, how they work, and more importantly, how defenders can detect the use of these techniques in their environments or during their investigations.
Tyler has more than 15 years of extensive experience in incident handling, malware analysis, computer forensics, and information security at multiple organizations. He has also spoken and taught at a number of security conferences on these and other infosec topics. Iä! Cthulhu fhtagn! @secshoggoth