All times are in Pacific Daylight Time (UTC-0700).

  • Track: Main Channel: Friday 10/08 @ 1700-1755 PDT
  • Slides

In late summer 2020, leveraging the threat hunting methodology developed at Verizon Media, the Paranoids FIRE team identified a novel piece of macOS malware that would later be dubbed Silver Sparrow. In this session we’ll talk about a key TTP leveraged by the malware authors. We’ll show how it was found and how it was used to create new detections to monitor Silver Sparrow activity. Finally, we’ll show how, based on telemetry collected by the Paranoids, the infection count estimates originally published by news organizations were inaccurate: roughly 3,000 infected machines instead of about 30,000.

Plug started his journey in computer security back in 1996 when he discovered a 2600 magazine that eventually led him to his first LA2600 meeting in 1998. He is a Sr. member of the Defcon Blue Team Village and currently leads the Threat Hunting Program at a Fortune 20 organization.

twitter @plugxor

© 2021 ShellCon