The Sakula and Derusbi malware families are active malware used by advanced threat actors to conduct attacks on several large profile targets, including Anthem insurance, with new variants regularly appearing in the wild. The session will provide a deep analysis of techniques used by Sakula and Derusbi malware to install itself, communicate with a command and control server, and exfiltrate data.