{"id":16561,"date":"2019-10-10T10:52:30","date_gmt":"2019-10-10T18:52:30","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/10\/10\/news-10300\/"},"modified":"2019-10-10T10:52:30","modified_gmt":"2019-10-10T18:52:30","slug":"news-10300","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/10\/10\/news-10300\/","title":{"rendered":"VB2019 preview: Problem child: common patterns in malicious parent-child relationships"},"content":{"rendered":"

Living-off-the-land binaries, often referred to as LOLbins, are legitimate (Windows<\/em>) binaries used for malicious purposes. Their use has increased in malware campaigns in recent years and serves as a reminder that a defensive approach focused purely on detecting malicious binaries is outdated.<\/p>\n

Thus rather than focus on the binaries itself, it is important to study the parent-child process that leads to a binary being executed to determine whether its use is likely malicious.<\/p>\n

This is the premise of a paper<\/a> to be presented at VB2019 by Endgame<\/em> researcher Bobby Filar, who will discuss Problem Child, a graph-based framework designed to address these issues. In his research he also used the framework against activities by two known APT actors: OceanLotus and APT3.<\/p>\n

With VB2019 just one month away, it is time to book your ticket<\/a> for the most international threat intelligence event of the year!<\/p>\n

\"vb2019-register-now-2.jpg\"<\/a><\/p>\n

outertext
https:\/\/www.virusbulletin.com\/rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"


We preview the VB2019 paper by Endgame researcher Bobby Filar, who created a graph-based framework designed to detect malicious use of legitimate binaries through parent-child relationships. <\/p>\n

Read more<\/a> <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[23177,10378,23176],"tags":[],"class_list":["post-16561","post","type-post","status-publish","format-standard","hentry","category-magazine","category-security","category-virusbulletin"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16561","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=16561"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16561\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=16561"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=16561"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=16561"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}