Think About Your Audience Before Choosing a Webinar Title

Sponsored by 

New Aqua Logo - Black 


On Demand

HeadCrab is a highly elusive and sophisticated malware created by an advanced threat actor who utilized custom-made Redis Modules and APIs to build a full-scale malicious framework. Since 2021, the highly advanced malware has deployed several highly technical novel techniques which allowed it to infiltrate servers worldwide. It was evident that the threat actor made operational security a top priority, with several hiding techniques including specifically bypassing security solutions.

In this session, we will share with you a rare and fascinating story of the attack, the tactics we employed to communicate with the attacker, and our technical analysis of both the malware and the persistent tool. We will delve into the malware's 50+ malicious capabilities, including its use of custom Redis commands as communication methods, overwriting Redis commands to avoid detection and fileless attacks to remain hidden. We will also disclose never-before-seen information about a new variant of the malware and the changes the threat actor made to avoid detection.

Furthermore, we will walk you through our investigation of the command-and-control infrastructure of both variants, which led to the discovery that over 2,000 compromised servers were being used as a botnet to help the attacker stay anonymous.

Join us for a captivating and insightful session, getting a glimpse into this advanced operation and the mind behind it.

Key Takeaways:

  • HeadCrab Sophistication: How this advanced malware was crafted with custom tools for stealthy operations.
  • Evasion Techniques: Insights into the unique methods used to evade detection and maintain a low profile on infected servers.
  • Global Impact: Learn about the extensive reach of HeadCrab malware, which commandeered a botnet of over 2,000 servers, showcasing its capacity as a pervasive cybersecurity threat.
Asaf Eitani
Senior Security Researcher - Aqua Security
Asaf Eitani is a Senior Security Researcher at Team Nautilus, Aqua's cyber research team. He has nearly a decade of experience in incident response, Windows and Linux internals research, malware analysis and reverse engineering. Over the past year, Asaf has been focusing on eBPF development and low-level Linux and malware research. Asaf spoke at BsidesTLV 2022, Black Hat 2022 USA, Black Hat Europe 2022 and RSAC 2023. Before joining Aqua, he was analyzing real-world attacks and dissecting malware as an incident responder at Sygnia. Asaf is also the founder of OtterCTF, a defensive cyber competition. 
Nitzan Yaakov
Security Data Analyst - Aqua Security
Nitzan Yaakov is a Security Data Analyst at Team Nautilus, Aqua's cyber research team. In her current role, she focuses on analyzing daily attacks performed in the wild, and drawing conclusions about new techniques and trends to improve the security chain. Her dedication to staying current with the latest techniques and trends in the industry enables her to derive key insights that she shares through technical blogs. Prior to joining Aqua, Nitzan worked as a cyber security analyst, where she monitored the company's assets to identify potential threats.

Register to Watch Now:

What You’ll Learn in This Webinar

You’ve probably written a hundred abstracts in your day, but have you come up with a template that really seems to resonate? Go back through your past webinar inventory and see what events produced the most registrants. Sure – this will vary by topic but what got their attention initially was the description you wrote.

Paint a mental image of the benefits of attending your webinar. Often times this can be summarized in the title of your event. Your prospects may not even make it to the body of the message, so get your point across immediately.  Capture their attention, pique their interest, and push them towards the desired action (i.e. signing up for your event). You have to make them focus and you have to do it fast. Using an active voice and bullet points is great way to do this.

Always add key takeaways. Something like this....In this session, you’ll learn about:

  • You know you’ve cringed at misspellings and improper grammar before, so don’t get caught making the same mistake.
  • Get a second or even third set of eyes to review your work.
  • It reflects on your professionalism even if it has nothing to do with your event.