Preventing File-Based Botnet Persistence and Growth
In the current threat landscape, we see most botnets propagating via exploits and file based malware. Anything that touches the disk has the ability to be blocked via access controls on the host. New techniques utilize more than just binaries to execute malicious code which is why there is a need for execution control. The main techniques we see botnets attempting to grow is through malware utilizing javascript payloads, standard binaries, doc macros and powershell payloads. In light of these techniques this talk will cover methods for implementing appropriate application whitelists and configuration changes that make it easier for security administrators / security professionals to protect and maintain a secure environment. In addition to block rules and best practices the presentation will go over audit based policies that can be implemented.