Case Study: ModPOS vs. RawPOS - Presentation at SANS DFIR Summit

Hilton Austin, East 4th Street, Austin, TX, USA
Start Date:
June 7, 2018 3:35 PM
End Date:
June 7, 2018 4:10 PM

Although merchants and retailers have been implementing more secure technologies within their payment environments, such as Chip and PIN and Point to Point Encryption, they continue to be targeted by cyber criminals intent on stealing payment card data. Popular tools used by hackers in these types of breaches include memory-scraping malware such as RawPOS and ModPOS. During this session, Mr. Nesbit and Mr. Dormido will provide an overview of these two malware variants, exploring the similarities and differences between them. They will also discuss forensic artifacts and analysis techniques useful in payment card breach investigations.

Learn more about the speakers
ron-dormido-(2).JPG Ronald Dormido

brandon-nesbit.JPG Brandon Nesbit, Author

Brandon Nesbit is a Senior Managing Consultant with Kroll’s Cyber Security and Investigations practice, based out of the Portland area. Brandon is an expert in the areas of incident response, digital forensics, and malware analysis. With more than 10 years of experience performing hundreds of investigations across the globe, and more than 17 years of working in the IT industry, Brandon brings his commitment to excellence and client satisfaction to each engagement.

For additional Kroll presentations from the 2018 DFIR Summit & Training, please take a look here!

The annual SANS Digital Forensics & Incident Response (DFIR) Summit is the most comprehensive DFIR event of the year, bringing together an influential group of experts, immersion-style training, and industry networking opportunities in one place. Over the course of this eight-day training event, you'll enjoy:

  • Highly technical digital forensics and incident response presentations from the industry's top practitioners during the two-day Summit.
  • Nine SANS DFIR courses to choose from to advance your training, build your arsenal of defenses and learn how to better protect your organization.
  • DFIR NetWars: The Coin Slayer! - Earn DFIR course coins by correctly answering all questions from all levels of the six DFIR domains. Leave Austin with a motherlode of coinage!

Join Kroll's Brandon Nesbit & Ron Dormido for a session on the "Case Study: ModPOS vs. RawPOS – A Nerd's-Eye View of Two Malware Frameworks" on Thursday, June 7, 2018 at 3:35 pm.