Malware Forensics for Uncommon Payloads: LNK Files and the Ransomware Ecosystem by Joseph Edwards

  • Published on Jan 24, 2025
  • Microsoft has begun to crack down on malicious Office documents and intends to change default policies on the execution of macros on Windows. As a result, threat actors are turning towards other file formats to phish victims and gain initial access. The most prevalent of these are .LNK files, also known as Windows Shortcuts.
    Threat actors and malware authors have written custom tools to build and obfuscate .LNK payloads. This talk will dive into several such techniques and campaigns, connecting these malicious Shortcut files to their final payloads. These include the major Banking Trojans, Initial Access Brokers and other unknown backdoors.
    -------
    Presentation from ResponderCon 2022.
    September 13, 2022
    respondercon.io
    ResponderCon: Investigating Ransomware was dedicated to helping incident responders and DFIR examiners investigate ransomware. While other events focus on preventing the attack, this focuses on what to do after it happens.
