OMFW: Tracking Stuxnet's Footprint through Memory
Over the next couple of weeks, we will be highlighting some of the talks to be presented at OMFW. The first is “Tracking Stuxnet’s Footprint through Memory”, which will be presented by Michael Hale Ligh. MHL is the author of one of my favorite security books of all time, Malware Analyst’s Cookbook, and one of the best developer/analysts I’ve had the pleasure to work with. Having seen the material to be presented, I can say you will not be disappointed.
Everyone has heard of Stuxnet, and many people have reverse engineered it in depth. In this talk, we’ll be exploring Stuxnet from a different perspective - its footprint in physical memory. On a tour that showcases almost all of Volatility’s commands, we’ll discuss the top 20 artifacts, including kernel callbacks, injected code, drivers and device hooks, services, registry modifications, and syscall hooks. Although Stuxnet isn’t particularly stealthy, it does have several unique characteristics that will be interesting to forensic investigators, malware analysts, or anyone who just wants to see Volatility in action!
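As an added example (not part of the original post, and not code from Volatility or the talk), here is a small triage script over the text output of two Volatility 2 plugins that cover artifacts named in the abstract: `callbacks` (kernel callbacks) and `ssdt` (syscall hooks). The column layout it parses is assumed from those plugins' text output, the sample lines are constructed, and the allowlist of expected SSDT owners is illustrative. The check it performs is the one an investigator does first with these plugins: flag any callback registered by a module Volatility could not attribute (printed as `UNKNOWN`), and any SSDT entry owned by something other than the kernel image or win32k.sys.

```python
"""Triage helper for Volatility 2 `callbacks` and `ssdt` text output.

Added example; not code from the OMFW talk or from the Volatility project.
The parsing assumes the column layout of the Volatility 2 `callbacks` and
`ssdt` plugins' console output. All sample lines below are constructed.
"""
import re
from typing import Dict, List

# Constructed sample of `vol.py -f image.raw --profile=... callbacks` output.
CALLBACKS_SAMPLE = """\
Type                                 Callback   Module               Details
------------------------------------ ---------- -------------------- -------
IoRegisterShutdownNotification       0xf8d4c3a2 ftdisk.sys           \\Driver\\Ftdisk
PsSetCreateProcessNotifyRoutine      0xf9e1a010 UNKNOWN              -
KeBugCheckCallbackListHead           0xf88e4f00 NDIS.sys             Ndis miniport
GenericKernelCallback                0xf9e1a0c4 UNKNOWN              -
"""

# Constructed sample of `vol.py -f image.raw --profile=... ssdt` output.
# "driver_x.sys" is a placeholder module name, not a real driver.
SSDT_SAMPLE = """\
[x86] Gathering all referenced SSDTs from KTHREADs...
Finding appropriate address space for tables...
SSDT[0] at 80501b8c with 284 entries
  Entry 0x0000: 0x805a4ad4 (NtAcceptConnectPort) owned by ntoskrnl.exe
  Entry 0x0011: 0xf9e1b2e0 (NtClose) owned by UNKNOWN
  Entry 0x0029: 0xf9e1b410 (NtCreateFile) owned by driver_x.sys
  Entry 0x0047: 0x80591ec0 (NtDeleteKey) owned by ntoskrnl.exe
"""

# Assumed layout: Type, callback address, owning module, free-text details.
CALLBACK_ROW = re.compile(
    r"^(?P<type>\S+)\s+(?P<addr>0x[0-9a-fA-F]+)\s+(?P<module>\S+)\s+(?P<details>.*)$"
)
# Assumed layout: "  Entry 0xNNNN: 0xADDR (NtName) owned by module".
SSDT_ROW = re.compile(
    r"^\s*Entry\s+0x(?P<index>[0-9a-fA-F]+):\s+(?P<addr>0x[0-9a-fA-F]+)\s+"
    r"\((?P<name>\w+)\)\s+owned by\s+(?P<module>\S+)\s*$"
)

# Illustrative allowlist: modules that normally own SSDT entries on 32-bit
# Windows (kernel image variants and win32k.sys for the shadow table).
# Tune against a known-good baseline image before relying on it.
SSDT_EXPECTED_OWNERS = {"ntoskrnl.exe", "ntkrnlpa.exe", "ntkrnlmp.exe",
                        "ntkrpamp.exe", "win32k.sys"}


def parse_callbacks(text: str) -> List[Dict[str, str]]:
    """Return one dict per data row; header and separator rows do not match."""
    rows = []
    for line in text.splitlines():
        m = CALLBACK_ROW.match(line)
        if m:
            rows.append(m.groupdict())
    return rows


def parse_ssdt(text: str) -> List[Dict[str, object]]:
    """Return one dict per 'Entry' row, with the table index as an int."""
    rows = []
    for line in text.splitlines():
        m = SSDT_ROW.match(line)
        if m:
            d: Dict[str, object] = m.groupdict()
            d["index"] = int(m.group("index"), 16)
            rows.append(d)
    return rows


def suspicious_callbacks(text: str) -> List[Dict[str, str]]:
    """Callbacks whose owning module Volatility could not resolve."""
    return [r for r in parse_callbacks(text) if r["module"].upper() == "UNKNOWN"]


def suspicious_ssdt_entries(text: str) -> List[Dict[str, object]]:
    """SSDT entries owned by anything outside the expected owner set."""
    return [r for r in parse_ssdt(text)
            if str(r["module"]).lower() not in SSDT_EXPECTED_OWNERS]


def triage(callbacks_text: str, ssdt_text: str) -> Dict[str, int]:
    """Summary counts suitable for a quick first pass over an image."""
    return {
        "callbacks_total": len(parse_callbacks(callbacks_text)),
        "callbacks_unknown_owner": len(suspicious_callbacks(callbacks_text)),
        "ssdt_total": len(parse_ssdt(ssdt_text)),
        "ssdt_unexpected_owner": len(suspicious_ssdt_entries(ssdt_text)),
    }


if __name__ == "__main__":
    for r in suspicious_callbacks(CALLBACKS_SAMPLE):
        print(f"[callback] {r['type']} at {r['addr']} owned by {r['module']}")
    for r in suspicious_ssdt_entries(SSDT_SAMPLE):
        print(f"[ssdt] {r['name']} -> {r['addr']} owned by {r['module']}")
    print(triage(CALLBACKS_SAMPLE, SSDT_SAMPLE))
```

In practice the two sample strings would be replaced by the saved output of the plugins (`vol.py ... callbacks > callbacks.txt`), and the SSDT allowlist by the owners observed on a clean image of the same build; an unresolved owner is a lead to follow with the other plugins the abstract lists (driver and device enumeration, injected-code scanning), not a verdict on its own.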