Speaker

Zhassulan Zhussupov

Malware Researcher, Threat Hunter, Butterfly Effect Team

Istanbul, Turkey

Cybersecurity enthusiast, author, speaker and mathematician. Author of popular books:
MD MZ Malware Development Book (2022, 2024)
MALWILD: Malware in the Wild Book (2023)
Malware Development for Ethical Hackers Book: https://www.amazon.com/dp/1801810176 (2024)
Author and tech reviewer at Packt. Co-founder of MSSP Research LAB, author of many cybersecurity blogs and of HVCK magazine.
Malpedia contributor.
Speaker at BlackHat, Security BSides, Arab Security Conference, Hack.lu, Standoff and other conferences.

Area of Expertise

  • Information & Communications Technology

Topics

  • Malware
  • Threat Intelligence
  • Threat Hunting
  • Cryptography
  • Hacking
  • Ethical Hacking
  • Programming

Malware and Hunting for Persistence: how are adversaries hacking your Windows?

The story of how I discovered several non-standard and unusual methods for malware persistence using registry
modifications and DLL hijacking vulnerabilities: Windows Internet Explorer, Win32 API cryptography features, the Windows
Troubleshooting feature and Process Hacker 2.
Research in the field of hunting for new persistence techniques for malware.
Also a comparison of these methods with the classical tricks and techniques used by various APT groups and
ransomware authors.

Malware, Persistence and Cryptography

Whether you are a Red Team or Blue Team specialist, learning the techniques
and tricks of malware development gives you the most complete picture of
advanced attacks. Also, because most (classic) malware is written
for Windows, this as a rule gives you tangible knowledge of developing for Windows.
The course will teach you how to develop malware, including classic tricks and the tricks of modern ransomware found in the wild. Everything is supported by real examples.
The course is intended for Red Team specialists who want to learn the tricks of malware development (including persistence and AV bypass) in more detail, and will also be useful to Blue Team specialists when conducting investigations and analyzing malware.

The course is divided into four logical sections:
- Malware development tricks and techniques (classic injection tricks, DLL injection tricks, shellcode running)
- AV evasion tricks (Anti-VM, Anti-Sandbox, Anti-disassembling)
- Persistence techniques
- Cryptographic functions in malware development (exclusive)

Most of the examples in this course require a deep understanding of the Python
and C/C++ programming languages.

Knowledge of assembly language basics is not required but will be an advantage.

Malware, Cats and Cryptography

Research in the field of reimplementing ransomware and the role of cryptography in malware development. Application of classical
cryptographic algorithms for payload and ransomware encryption. Practical research has been carried out: the results of
using the Skipjack, TEA, Madryga, RC5, A5/1, Z85, DES, MMB, Kuznechik and other encryption algorithms have been analysed. The
application of cryptography based on elliptic curves is also being researched. How does all this affect the VirusTotal detection score, and how applicable is it for bypassing AV solutions (AV bypass)? In some of the researched practical cases, we get FUD malware.
Bypassing Kaspersky, Windows Defender and ESET NOD32 in some practical cases.
Reverse engineering and code reconstruction with malware development tricks from ransomware and malware such as Conti, Snowyamber, Paradise Ransomware, CopyKittens, Hello Kitty, etc. Discovered new tricks from malware related to the Russian APT29 group.

BSides Tirana 2024

September 2024, Tirana, Albania

BSides Kraków 2024

September 2024, Kraków, Poland

BSides Prishtina 2024

May 2024, Pristina, Kosovo

Security BSides Sofia 2024

March 2024, Sofia, Bulgaria
