- 14 Nov
Indicators of compromise, or IOCs, are pieces of evidence or artifacts that can be used to identify and detect security incidents such as cyberattacks or data breaches. They are essentially signs or patterns that suggest a system or network has been compromised or is under threat. These indicators are relatively easy for attackers to change, however, which is why we need more robust indicators that are hard for an attacker to change. In this session we will talk about memory pages and their protection status, such as the read, write and execute flags. We will also talk about stack encryption, suspended threads and other artifacts that may be available on the system and would be hard for an attacker to change.