Always Look a Gift (Trojan) Horse in the Mouth

James Arndt

James Arndt

Speaker Bio

James Arndt is a Sr. Cybersecurity Engineer at American Transmission Company. While there, he focuses on dissecting whatever malicous email, documents, URLs, and executables that come across his path. Basically, he enjoys clicking on things and seeing what happens. Besides incident response, he has his hands in endpoint security, vulnerability management, and does some identity and access management on the side.
James has spoken at various local and national conferences on topics such as incident response and phishing analysis. He is also a SANS mentor in the Milwaukee area and has taught SEC401 Security Essentials and SEC504 Hacker Tools, Techniques, Exploits, and Incident Handling.


It could be said that the city of Troy needed to update its antivirus or intrusion detection signatures. Maybe they needed to dust off their acceptable use policy on their SharePoint site? Or did their end users need more security training? Didn’t anyone warn the CEO of Troy that it is dangerous to push the “Enable Content” button on strange horses that show up outside the city wall? If only the city of Troy had a citizen that could have torn apart the Trojan Horse to see what was really going on inside.
The same goes for malicious emails. Someone will report a suspicious email because they think it might be malicious. But how bad is it really? Unless you are able to dig into the email and perform a thorough analysis on its attachments, you’ll never know how bad it is, how it behaves, and what it may be trying to contact.
In this talk, attendees will learn various tools and techniques that can be used to thoroughly analyze a malicous attachment and everything that comes after it. In order to get as many stones as possible, we will want to leave no stone unturned. This information can then be used to look for indicators of compromise throughout your environment.