Potentially unnecessary and unwanted programs (a.k.a. PUPs), while not inherently malicious, increases an organization,s attack overall surface and exposes systems to additional threats extending well beyond the common software vulnerabilities. Widely distributed software such as built-in toolbars, search utilities, and browser extensions, are being repeatedly used for nefarious purposes, both on PC and mobile-based operating systems. This talk will discuss how attackers are leveraging these widely used general tools to conduct sophisticated and targeted attacks, distribute malware, and maintain persistence within a given network. This presentation will also discuss detection, mitigation, and network forensic tactics to combat the newest iteration of these types of attacks.

Josh Brunty is an Assistant Professor of Digital Forensics and Information Assurance at Marshall University in Huntington, WV. Josh is a former digital forensics laboratory manager and examiner with over a decade of experience in the field of digital forensics and high-tech crime investigation. Prior to joining Marshall, Josh spent several years as a digital forensics examiner and laboratory technical leader assisting in many high-profile cases for agencies around his home state of West Virginia, as well as serving on several federal and state-level cyber-crime task forces and panels. Josh has authored books, book chapters, journal publications, and has spoken at various conferences around the world on topics involving digital forensics, mobile device forensics, network forensics and deep packet analysis, and social media forensics. He is currently a member of the NIST Organization of Scientific Area Committee (OSAC) on Digital Evidence, focusing on standards and best practices in digital forensics.

Recorded at AIDE 2018