Debuggers, disassemblers, virtual machines, sandboxes, signatures. All of these concepts come up constantly in malware-related talks; but do you actually know how to use them effectively to automate your malware analysis procedures and leverage high-quality threat intelligence? If you want to answer that question, this is the place to be.
Even though malware analysis may sound scary to some people, the art of dissecting and understanding the inner workings of a malicious sample gives us an advantage in this cyber war. Keep in mind that every time attackers send you a malicious sample, they are handing you a low-level representation of their actual source code. Granted, it is not a trivial representation that can be understood in ten minutes, but with the proper tools and skills you will uncover its secrets (and its weaknesses).
We will start the workshop with an unknown malware sample and, based on our observations during the analysis, build our own tools to detect it and automate its analysis, so that the next time you see it, you will spend only a couple of seconds analyzing it.
Malware researcher, CEH, GREM, electronics geek, late-night programmer who hunts and dissects malware just for fun!
Level 0, Blue Team Village