Tangling with malware adversaries: A few short war stories
The anti-malware industry is a game of cat and mouse between the attackers, who constantly innovate new malware techniques, and us security researchers, who try to stop them. In this talk I'll present a few interesting short stories from my time at Windows Defender battling these attackers. First, I'll talk about the discovery of a botnet known as Sefnit that nearly took down the Tor network in 2013, the subsequent investigations that accidentally led to an in-person meeting with one of the malware authors, and how this led to the demise of the botnet. Second, I'll talk about battling a stealthy click-fraud malware family that was always one step ahead of the AV detection signatures I was authoring to remove it from infected machines.
Windows 10 AMSI script behavior instrumentation with machine learning to block malicious attacks
Speaker's Bio: Geoff McDonald is a machine learning and anti-virus researcher at Windows Defender ATP, specializing in using machine learning to protect customers from malware. He has a passion for machine learning, reverse engineering, programming tools for reverse engineering and vulnerability fuzzing, and foosball. You can find some of his tools and hobby projects on his personal website http://www.split-code.com or on GitHub at https://github.com/glmcdona.