This presentation forms part of the CTA's Threat Intelligence Practitioners' Summit
Thursday 3 October 16:30 - 17:00, Small Talks room
Zsombor Kovacs (MRG Effitas), Liam O'Murchu (Symantec by Broadcom)
Over time, malicious actors have moved away from writing custom compiled programs to perform their actions. The Windows operating system provides a rich collection of very powerful tools which obviate the need to deliver custom binaries. PowerShell, WScript and CScript are fully functional languages that are equally capable of performing any actions that a compiled language can. These types of tools are generally referred to as "Living off the Land" (LotL) tools. Recently, this definition has expanded to include commercial third-party tools, such as AnyDesk, which are legitimate business applications that are being utilized by malicious actors. "Legitimate business applications" is precisely the problem.
Often, system administrators will make use of these tools to perform a host of activities to monitor and maintain systems. This is where the complications arise. How does one distinguish between legitimate admin and user behaviour versus malicious actor behaviour? Adaptive Protection turns this problem into a solution.
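The abstract's question of separating routine admin use of LotL tools from abuse is usually approached by baselining who launches which tool, where, and from what parent process, and then flagging deviations. The following is an added illustration of that idea and is not code from the talk or from Symantec's Adaptive Protection; the process-creation events are constructed, and the tool list and scoring rules are assumptions.

```python
from collections import defaultdict

# Dual-use tools named in the abstract (assumed set; extend to taste).
LOTL_TOOLS = {"powershell.exe", "wscript.exe", "cscript.exe", "anydesk.exe"}

# Constructed process-creation events: (host, user, parent image, child image).
# The first batch stands in for a learning period of known-good activity.
BASELINE_EVENTS = [
    ("srv01", "adm_jane", "explorer.exe", "powershell.exe"),
    ("ws02", "adm_jane", "explorer.exe", "powershell.exe"),
    ("srv01", "adm_jane", "cmd.exe", "cscript.exe"),
    ("ws02", "helpdesk_bob", "explorer.exe", "AnyDesk.exe"),
    ("ws03", "helpdesk_bob", "explorer.exe", "AnyDesk.exe"),
]
# The second batch is new activity to be triaged against that baseline.
OBSERVED_EVENTS = [
    ("srv01", "adm_jane", "explorer.exe", "powershell.exe"),   # routine admin work
    ("ws03", "helpdesk_bob", "explorer.exe", "AnyDesk.exe"),   # routine remote support
    ("ws02", "adm_jane", "winword.exe", "powershell.exe"),     # known user, odd parent
    ("ws05", "user_tim", "winword.exe", "powershell.exe"),     # nothing about it is known
]

def build_baseline(events):
    """Map each LotL tool to the (host, user, parent) triples seen launching it."""
    baseline = defaultdict(set)
    for host, user, parent, image in events:
        if image.lower() in LOTL_TOOLS:
            baseline[image.lower()].add((host, user, parent.lower()))
    return baseline

def deviations(event, baseline):
    """Return the ways an event departs from baseline; an empty list means it fits."""
    host, user, parent, image = event
    image, parent = image.lower(), parent.lower()
    if image not in LOTL_TOOLS:
        return []
    seen = baseline.get(image, set())
    reasons = []
    if not any(h == host for h, _, _ in seen):
        reasons.append("tool never seen on this host")
    if not any(u == user for _, u, _ in seen):
        reasons.append("user has no history with this tool")
    if not any(p == parent for _, _, p in seen):
        reasons.append("unusual parent process " + parent)
    return reasons

def triage(observed, baseline):
    """Keep only events with at least one deviation, paired with their reasons."""
    return [(e, deviations(e, baseline)) for e in observed if deviations(e, baseline)]

def run_demo():
    return triage(OBSERVED_EVENTS, build_baseline(BASELINE_EVENTS))
```

In practice the learning period would be drawn from endpoint telemetry rather than a hard-coded list, and the three checks would be weighted rather than treated as equally suspicious.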
Zsombor Kovacs
Zsombor Kovacs is an experienced cybersecurity specialist and CTO at MRG Effitas, heading up the engineering team and overseeing MRG's public and private testing and threat feed services. He has over 15 years of hands-on experience in practical security testing, including application and infrastructure evaluation, mobile application security, incident response, forensic and reverse engineering, penetration testing and physical security. He is the driving force behind MRG's Android-based efficacy testing and malware analysis and plays a key role in the ongoing development of MRG's real-time testing and alert technology, Tempus.
Liam O'Murchu
Liam O'Murchu is Technical Director with the Security Technology and Response group at Symantec. Over the past 20 years, O'Murchu has investigated and responded to the most sophisticated cyber attacks ever to emerge, from professional cybercriminals targeting financial institutions to government-backed threats targeting critical infrastructure. His analysis of Stuxnet uncovered its true objective: to disrupt uranium enrichment in Iran. The analysis detailed how sophisticated attacks on critical infrastructure are carried out in the modern era. It is featured in the book Countdown to Zero Day by Kim Zetter and in the feature-length documentary Zero Days by Academy Award winner Alex Gibney, which was shortlisted for best documentary at the Academy Awards in 2017. His recent investigative work and testimony for law enforcement have been instrumental to successful cybercrime prosecutions. In 2012 O'Murchu was awarded the ISSA's President's Award, honouring exceptional contributions to the security community.
Back to VB2024 conference page