Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

To Catch a Spy - Tyler Hudak

via YouTube

Start learning Write review
Simplilearn Ad

Lead AI Strategy with UCSB's Agentic AI Program — Microsoft Certified

Learn More → Noble Desktop Ad

Live Online Classes in Design, Coding & AI — Small Classes, Free Retakes

Learn More →

Overview

Google, IBM & Meta Certificates — All 10,000+ Courses at 40% Off
One annual plan covers every course and certificate on Coursera. 40% off for a limited time.
Get Full Access
Explore advanced techniques for detecting and analyzing sophisticated malware and espionage tools in this 49-minute conference talk from Derbycon 7. Delve into topics such as the Vault7 "Year Zero" Wikileaks dump, IFEO and Sticky Keys backdoors, registry auditing, and Windows shell extensions. Learn about malicious persistence methods, forensic examination techniques, and DLL search order exploitation. Examine Windows boot sequence vulnerabilities, bootkits, and process hollowing. Gain insights into detection methods using tools like Volatility and discover valuable resources for further investigation into cyber espionage tactics.

Syllabus

Intro
Vault7 "Year Zero" Wikileaks Dump
Prerequisites
IFEO
Sticky Keys Backdoor
Logging - Registry Auditing
Windows Shell
Registering an Extension
Shell Extension Persistence
Malicious Extension
HKCR with HKCU Extensions
Forensic Examination
DLL Search Order
Exploitation
Detection - Examine Loaded DLLs
Windows Boot Sequence
Bootkit
Carperb Capabilities
VBR Verification
Hollowing
Advantages
Detection - Volatility - hollowfind
Resources

Reviews

Start your review of To Catch a Spy - Tyler Hudak

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.