Malware Analysis and Detection: Trickbot
By Tyler Hudak and Aaron Rosenmund
Course info
Course info
Description
In this course, Malware Analysis and Detection: TrickBot, Aaron Rosenmund and Tyler Hudak discuss the malware TrickBot, a popular malware used by attackers. By the end of this course, you will learn how TrickBot works, what it does to computers it compromises, and what tools you can use to detect it on your hosts and network.
About the author
Tyler Hudak has more than 15 years of experience performing malware analysis, computer forensics, and incident response for multiple organizations. He loves sharing the knowledge he has gained on these topics in his presentations and classes!
More from the author
About the author
Aaron M. Rosenmund is a cyber security operations and incident response subject matter expert, with a background in federal and business system administration, virtualization and automation.
More from the author
Section Introduction Transcripts
Course Overview
(Music) (Aaron) Hello everyone. I'm Aaron Rosenmund, a staff author for Pluralsight focused on security operations and incident response, and a part-time member of the Florida International Guard, working in defensive cyber operations. (Tyler) Hey, this is Tyler Hudak. I do incident response as my primary job and am a Pluralsight author. In my job, I've come across the TrickBot malware more times than I can count. This is a dangerous piece of malware that, if left unchecked in your environment, can lead to very bad things happening. (Aaron) Malware developers never rest, and neither can we. TrickBot has resurged recently, earning headlines like, "TrickBot snares 250 million passwords, " and touting some very large infection numbers. Combined with its modularized deployment and per-device encryption, this malware has indiscriminately spread far and wide. Following commodity malware trends, it is being leveraged as an intermediate stage that's often followed by ransomware, and it seems to be under frequent development. (Tyler) In this course, we'll cover what TrickBot is, what it's used for, and how it works. We'll also cover how you can analyze what TrickBot does on systems that it compromises, as well as the network traffic it generates. (Aaron) By the end of this Play by Play, you will have some intermediate indicators to search through your environment for TrickBot compromise and the confidence to follow the same dynamic analysis process for new variants of TrickBot as they're developed and deployed in the wild. (Tyler) We hope you'll join us on this journey to learn how to analyze TrickBot in this Play by Play at Pluralsight.