
Threat Hunting Case Study: FileFix
FileFix bypasses Mark of the Web (MotW) protections by hijacking the Windows File Explorer address bar. Here is how to hunt for it.

In the early 2010s, a group of malicious hackers had a goal: to build a Durango, which was the code name for Microsoft’s next-generation gaming console, eventually known as the Xbox One. They did this by stealing reams of data: authentication keys, personal data, login credentials, and proprietary gaming documents. Arman Sadri was on the fringes of the group. He was a gaming hacker who taught himself programming languages such as C# and C++ and how to hack games like Call of Duty. He sold gaming cheats or mods. His eventual goal was a legitimate job in the games industry. Eventually, Microsoft hired him to debug Xbox games, which was a dream job. But it was the start of his life unraveling. Microsoft fired him. The FBI wasn’t long behind him. Arman didn’t recognize when he’d gone too deep, and his years-long dalliance on the edge with computers led him to a place from which he’s still recovering.
Participants:
Arman Sadri, Founder, The Good Hackers
Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471