Talk F-1: From Infection to Encryption: A Deep Dive into Threat Actors Malicious Code

In most attacks, there is some custom code; we need to understand exactly what it does, what persistence it creates, how it encrypts the files, how it calls home and all things the threat actor doesn't want to reveal.
In this talk Alexander and Nicklas will walk you through some of the most recent malware used in ransomware attacks we have investigated and start the presentation by doing a live demo of tooling to disable protection and then running a ransomware from a real case. The presentation will follow the Kill Chain from how the threat actors get in, with some unqie insights into the DarkGate loader, to methods that threat actor use to stay undetected and disable your EDR and AV utilizing Bring Your Own Vulnerable Driver (BYOVD); then finish of with a deep insight into the Crytox ransomware and how files can be restored even after they have been encrypted.