Duqu, Flame, Gauss: Followers of Stuxnet

  • Wednesday, October 10, 2012 | 14:10 – 15:00 | Buckingham (East Wing)
View all Sessions

This session will present our work at CrySyS Lab on Duqu, Flame and Gauss: how we found Duqu, our work on the dropper and our detector toolkit, Flame, the Gauss related Palida font detector tool and our Gauss Info Collector. Novelties include the use of signed drivers, the 0-days, the Flame windows update attack vector, the Gauss encrypted payload. Hear what we can learn from these incidents.

Participants

This document was retrieved from http://www.rsaconference.com/events/eu12/agenda/sessions/474/duqu-flame-gauss-followers-of-stuxnet on Wed, 23 Apr 2014 12:03:28 -0400.
© 2014 EMC Corporation. All rights reserved.