Although merchants and retailers have been implementing more secure technologies within their payment environments, such as Chip and PIN and Point to Point Encryption, they continue to be targeted by cyber criminals intent on stealing payment card data. Popular tools used by hackers in these types of breaches include memory-scraping malware such as RawPOS and ModPOS. During this session, Mr. Nesbit and Mr. Dormido will provide an overview of these two malware variants, exploring the similarities and differences between them. They will also discuss forensic artifacts and analysis techniques useful in payment card breach investigations.
Additional Kroll presentations from the 2018 DFIR Summit & Training:
- Finding and Decoding Malicious Powershell Scripts
- A Planned Methodology for Forensically Sound Incident Response in Microsoft’s Office 365 Cloud Environment
The annual SANS Digital Forensics & Incident Response (DFIR) Summit is the most comprehensive DFIR event of the year, bringing together an influential group of experts, immersion-style training, and industry networking opportunities in one place. Over the course of this eight-day training event, you'll enjoy:
- Highly technical digital forensics and incident response presentations from the industry's top practitioners during the two-day Summit.
- Nine SANS DFIR courses to choose from to advance your training, build your arsenal of defenses and learn how to better protect your organization.
- DFIR NetWars: The Coin Slayer! - Earn DFIR course coins by correctly answering all questions from all levels of the six DFIR domains. Leave Austin with a motherlode of coinage!
Join Brandon Nesbit & Ron Dormido for the session "Case Study: ModPOS vs. RawPOS – A Nerd's-Eye View of Two Malware Frameworks" on Thursday, June 7, 2018 at 3:35 pm.