Botconf Author Listing

Guillaume Couchard

Last known affiliation: SEKOIA.IO
Bio: Guillaume Couchard is a threat analyst / detection engineer who has worked for SEKOIA.IO since March 2020. He previously worked for F-Secure Countercept as a Threat Hunter for ~2 years and, before that, at the National Cybersecurity Agency of France (ANSSI) as a Threat Intelligence analyst for ~2 years.
Date: 2023-04-14
When a botnet cries: detecting botnets infection chains
Erwan Chevalier 🗣 | Guillaume Couchard 🗣

Abstract

Infection chains used by commodity malware evolve frequently and use various tricks to bypass security measures and/or user awareness. BumbleBee, QNAPWorm, IcedID, and Qakbot: all of these wicked threats are frequently used as first-stage malicious code that drops other, more specific payloads.

This presentation is in three parts: an overview of the infection chains and the common detection methods used against them; how generic detection rules on these infection chains can help in the fight against botnets; and finally how threat intelligence at scale, combined with the rest, creates a solid defense.
