STUPID MALWARE TRICKS: THE WEIRDEST WAYS ATTACKERS BYPASS YOUR DEFENSES presented at Saintcon 2015

by Andrew Brandt

Summary: It's easy for security professionals to laugh off malicious spam filled with misspellings, phishing pages that look like they came straight from the Geocities rubbish bin, malware so riddled with bugs that it's barely operational, or exploit kits that attempt to leverage ancient (in Internet-time) vulnerabilities that everyone should have patched by now. After all, for the sophisticated Internet user (let alone incident responders and infosec analysts), these ploys seem as threatening as a kitten with its claws extended.
The reality, however, is that even the most incredibly dumb, obvious, and artlessly inexpert criminals meet with a surprising degree of success, despite the mountain of ineptitude they bring to bear. In this session, attendees will learn about the absolute dumbest attack techniques and malware behaviors that, against all odds, eked success from the jaws of defeat -- and some of the techniques that a capable admin or security professional can leverage to bolster already formidable defenses-in-depth against the ocean of incompetence washing up on his or her network.