
Threat Hunting Case Study: FileFix
FileFix bypasses Mark of the Web (MotW) protections by hijacking the Windows File Explorer address bar. Here is how to hunt for it.

Roman Sannikov immigrated with his parents from Russia to the United States when he was a teenager. Through his parents, he kept up his Russian-language skills. For more than two decades, he worked as an interpreter for the FBI and U.S. Department of Justice, interviewing cybercriminals and even secretly acting as a moderator of a top but now-defunct Russian-language cybercriminal forum. He has worked at cyber threat intelligence (CTI) and blockchain analysis companies including Recorded Future, Flashpoint and TRM Labs. He now runs Constellation Cyber, a CTI consultancy based in New York. In this Studio 471, Sannikov shares his insight into the Russian cybercriminal landscape, the evolution of online crime and what lies ahead with ransomware.
Participants:
Roman Sannikov, Founder, Constellation Cyber
Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471


Gentlemen ransomware uses credential abuse, defense evasion, and double extortion tactics to compromise enterprise environments and increase pressure on victims.

TeamPCP is exploiting trusted npm and PyPI packages to compromise developer environments, steal credentials, and extend attacks across software supply chains.