Sept. 19, 2023, 1:10 p.m. | SANS Digital Forensics and Incident Response


This year, we observed an attack in Taiwan using DLL sideloading malware. This could have started around 2021 and continued until we started monitoring and making discoveries. The DLL was named "TSVIPSvr.dll" and was loaded by the SessionEnv service and was ultimately intended for C&C communication by Cobalt Strike. We dealt with this attack by working effectively with our monitoring team, endpoint forensics team, and malware analysis team. In this presentation, we will talk about a series of attack techniques …
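
The abstract describes the tradecraft (a DLL named TSVIPSvr.dll sideloaded into the SessionEnv service, which runs inside an svchost.exe host process, then used for Cobalt Strike C&C) without showing how a monitoring team would hunt for it. The block below is an added example written for this page, not code from the talk or from SANS. It assumes Sysmon Event ID 7 (ImageLoad) records exported as JSON lines with the standard field names (Image, ImageLoaded, Signed, Signature, SignatureStatus); the sample records are constructed for the example, the DLL name is taken from the abstract as written, and the rule itself (flag a load of that DLL by svchost.exe unless it comes from System32 with a valid Microsoft signature) is my assumption about what a reasonable hunt query looks like, not a rule from the presentation.

```python
"""Hunt for the SessionEnv / TSVIPSvr.dll sideload in Sysmon image-load telemetry.

The events below are constructed for this example; they mimic Sysmon Event ID 7
(ImageLoad) and one Event ID 1 (ProcessCreate) record as JSON lines.
"""
import json
from pathlib import PureWindowsPath

TARGET_DLL = "tsvipsvr.dll"           # DLL name as given in the abstract
HOST_PROCESS = "svchost.exe"          # SessionEnv is hosted by svchost.exe
TRUSTED_DIR = PureWindowsPath(r"C:\Windows\System32")
TRUSTED_SIGNER = "microsoft windows"  # Sysmon 'Signature' value for Microsoft-signed images

# Constructed sample telemetry (assumption: Sysmon exported as JSON lines).
SAMPLE_EVENTS = r"""
{"EventID":7,"UtcTime":"2023-01-10 08:00:01","Image":"C:\\Windows\\System32\\svchost.exe","ImageLoaded":"C:\\Windows\\System32\\sessenv.dll","Signed":"true","Signature":"Microsoft Windows","SignatureStatus":"Valid"}
{"EventID":7,"UtcTime":"2023-01-10 08:00:02","Image":"C:\\Windows\\System32\\svchost.exe","ImageLoaded":"C:\\Windows\\System32\\TSVIPSvr.dll","Signed":"false","Signature":"","SignatureStatus":"Unavailable"}
{"EventID":7,"UtcTime":"2023-01-10 08:05:17","Image":"C:\\Windows\\System32\\svchost.exe","ImageLoaded":"C:\\ProgramData\\Update\\TSVIPSvr.dll","Signed":"true","Signature":"Example Vendor Ltd","SignatureStatus":"Valid"}
{"EventID":7,"UtcTime":"2023-01-10 08:06:00","Image":"C:\\Windows\\System32\\notepad.exe","ImageLoaded":"C:\\Windows\\System32\\kernel32.dll","Signed":"true","Signature":"Microsoft Windows","SignatureStatus":"Valid"}
{"EventID":1,"UtcTime":"2023-01-10 08:06:30","Image":"C:\\Windows\\System32\\svchost.exe","CommandLine":"svchost.exe -k netsvcs -p -s SessionEnv"}
"""


def check_event(event):
    """Return the reasons an image-load record matches the sideload pattern, or [] if it does not.

    Only Event ID 7 records where svchost.exe loads the target DLL are considered.
    Such a load is reported unless the DLL sits in System32 AND carries a valid
    Microsoft signature; both conditions failing yields two reasons.
    """
    if event.get("EventID") != 7:
        return []
    loader = PureWindowsPath(event.get("Image", ""))
    loaded = PureWindowsPath(event.get("ImageLoaded", ""))
    if loader.name.lower() != HOST_PROCESS or loaded.name.lower() != TARGET_DLL:
        return []

    reasons = []
    # PureWindowsPath compares case-insensitively, matching Windows semantics.
    if loaded.parent != TRUSTED_DIR:
        reasons.append(f"loaded from unexpected directory {loaded.parent}")
    signed_ok = (
        event.get("Signed", "").lower() == "true"
        and event.get("SignatureStatus", "").lower() == "valid"
        and event.get("Signature", "").lower() == TRUSTED_SIGNER
    )
    if not signed_ok:
        reasons.append(
            "no valid Microsoft signature "
            f"(Signed={event.get('Signed')!r}, SignatureStatus={event.get('SignatureStatus')!r}, "
            f"Signature={event.get('Signature')!r})"
        )
    return reasons


def hunt_sideload(jsonl):
    """Parse JSON-lines telemetry and return one alert dict per suspicious image load."""
    alerts = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        reasons = check_event(event)
        if reasons:
            alerts.append({
                "time": event.get("UtcTime"),
                "host_process": event.get("Image"),
                "dll": event.get("ImageLoaded"),
                "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    for alert in hunt_sideload(SAMPLE_EVENTS):
        print(f"[{alert['time']}] {alert['host_process']} loaded {alert['dll']}")
        for reason in alert["reasons"]:
            print(f"    - {reason}")
```

Run against the constructed sample, the first record (sessenv.dll, Microsoft-signed, in System32) passes, the unsigned TSVIPSvr.dll in System32 is reported for its signature alone, and the copy under C:\ProgramData is reported for both its location and its non-Microsoft signer. In a real hunt you would feed the exported Sysmon events in place of SAMPLE_EVENTS and follow each hit with the svchost.exe command line (the -s SessionEnv argument) and the outbound network events from that process, which is where the Cobalt Strike C&C traffic mentioned in the abstract would surface.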

