Botconf Author Listing

Sarthak Misraa


Last known affiliation: SentinelOne
Bio: Sarthak Misraa is currently a Staff Threat Intelligence Researcher at SentinelOne, where he focuses on identifying and mitigating bleeding-edge threats. With an extensive background in malware reverse engineering and threat intelligence, he has published numerous blogs sharing insights and expertise in the field. He has also built and filed a patent for detection technology. Additionally, his experience in offensive security and capability development further enhances his ability to address complex security challenges.
TLP:CLEAR
Date: 
Threat Intelligence On Steroids: Exploits, Ransomware And Other Threats At Scale
Sarthak Misraa

Abstract

The purpose of the talk is to highlight and overcome the limitations of hunting and tracking malware using traditional means, limitations that actors abuse to stay hidden for extended periods of time. The talk further demonstrates techniques and tools to streamline this process of triage and hunting at scale. It also highlights some missed opportunities and detection points that can be used to identify and hunt for malware and to tune down the noise of packers, obfuscation and other anti-analysis tricks. This is achieved by using a few automation tools that were written to highlight this method of threat hunting.

Furthermore, this talk also discusses the methodology behind a custom sandbox designed to generate dynamic analysis and static correlation rules. These rules are instrumental in aiding the classification and attribution of threats, enhancing the overall effectiveness of the Threat Intelligence process. In the demo section I will also be showing some case studies of interesting scenarios where I was able to track different C2 beacons and ransomware iterations using this hunting methodology.
