Threat Intelligence On Steroids: Exploits, Ransomware And Other Threats At Scale

Botconf 2025
Wednesday
2025-05-21 | 16:40 – 17:20

Sarthak Misraa 🗣

The purpose of the talk is to highlight, and show how to overcome, the limitations of hunting and tracking malware by traditional means; actors who abuse these limitations stay hidden for extended periods of time. The talk then demonstrates techniques and tools that streamline triage and hunting at scale. It further highlights some missed opportunities and detection points that can be used to identify and hunt for malware while tuning down the noise introduced by packers, obfuscation and other anti-analysis tricks. This is achieved with a few automation tools that were written to showcase this method of threat hunting.

Furthermore, the talk discusses the methodology behind a custom sandbox designed to generate dynamic-analysis and static correlation rules. These rules aid the classification and attribution of threats and enhance the overall effectiveness of the threat intelligence process. In the demo section I will also show case studies of interesting scenarios in which I was able to track different C2 beacons and ransomware iterations using this hunting methodology.

