Many remote access tools are used legitimately and not considered malware. However, these tools actively bypass network controls, obscuring which parties are communicating, when, and how. This ability to fly under the radar is attractive to malicious insiders and outside attackers alike. This talk will discuss common techniques these tools use and how security teams can find and understand them.
In this webinar you will:
- Gain an understanding of why remote access tools should be on your radar
- Learn common techniques used by remote access tools to bypass conventional detections
- Learn how to dissect remote access tools within Wireshark
- Discover information that is sometimes leaked by these programs
- Learn how to abstract out detection capabilities for this class of programs
By David Pearson