Course info
Level: Intermediate
Updated: Nov 15, 2019
Duration: 1h 30m
Description

In this course, Malware Analysis and Detection: TrickBot, Aaron Rosenmund and Tyler Hudak discuss TrickBot, a popular piece of malware used by attackers. By the end of this course, you will learn how TrickBot works, what it does to computers it compromises, and what tools you can use to detect it on your hosts and network.

About the author

Tyler Hudak has more than 15 years of experience performing malware analysis, computer forensics, and incident response for multiple organizations. He loves sharing the knowledge he has gained on these topics in his presentations and classes!

About the author

Aaron M. Rosenmund is a cyber security operations and incident response subject matter expert, with a background in federal and business system administration, virtualization and automation.

Section Introduction Transcripts

Course Overview
(Music)

(Aaron) Hello everyone. I'm Aaron Rosenmund, a staff author for Pluralsight focused on security operations and incident response, and a part-time member of the Florida International Guard, working in defensive cyber operations.

(Tyler) Hey, this is Tyler Hudak. I do incident response as my primary job and am a Pluralsight author. In my job, I've come across the TrickBot malware more times than I can count. This is a dangerous piece of malware that, if left unchecked in your environment, can lead to very bad things happening.

(Aaron) Malware developers never rest, and neither can we. TrickBot has resurged recently, earning headlines like, "TrickBot snares 250 million passwords," and touting some very large infection numbers. Combined with its modularized deployment and per-device encryption, this malware has indiscriminately spread far and wide. Following commodity malware trends, it is being leveraged as an intermediate stage that's often followed by ransomware, and it seems to be under frequent development.

(Tyler) In this course, we'll cover what TrickBot is, what it's used for, and how it works. We'll also cover how you can analyze what TrickBot does on systems that it compromises, as well as the network traffic it generates.

(Aaron) By the end of this Play by Play, you will have some intermediate indicators to search through your environment for TrickBot compromise and the confidence to follow the same dynamic analysis process for new variants of TrickBot as they're developed and deployed in the wild.

(Tyler) We hope you'll join us on this journey to learn how to analyze TrickBot in this Play by Play at Pluralsight.