The Entropy of Obfuscated Code - Adam Hogan @adamwhogan Bsides Cleveland 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

The Entropy of Obfuscated Code
Adam Hogan @adamwhogan

While it is far from a new attack vector, it is still very common to see malware attack through code embedded in Office documents (VBA macros) or PDF files (JavaScript). These attacks evade simple detection engines like IPS or AV by obfuscating and randomizing this malicious code. I will show how to extract and automate analysis of this type of code to determine if randomized code has been hidden inside. Finally, by further exploring the mathematical principles of information theory, I will show how to defeat my own detection by using a more advanced randomization process.
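The abstract describes a three-step idea: pull the embedded code out of the document, measure how random the author-chosen parts of it look, and then show that an obfuscator which draws its random names from a word list rather than a random number generator slips under that measurement. The script below is an added example written for this page; it is not Adam Hogan's tooling and not code from the talk. It assumes the macro text has already been extracted from the OLE/OOXML container (tools such as oletools' olevba do that step), the sample macro and the three replacement name lists are constructed for the example, and the 4.8 bits/char cut-off is an illustrative assumption, not a value from the talk.

```python
import math
import re
from collections import Counter

# VBA keywords and built-in type names that an author does not choose and an
# obfuscator cannot rename; they are excluded from the entropy measurement.
VBA_KEYWORDS = {
    "sub", "end", "function", "dim", "as", "set", "call", "if", "then", "else",
    "elseif", "for", "to", "next", "do", "loop", "while", "wend", "with",
    "private", "public", "byval", "byref", "true", "false", "nothing",
    "object", "string", "integer", "long", "boolean", "variant",
}
IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def shannon_entropy(text: str) -> float:
    """Shannon entropy of the character distribution of text, in bits/char."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    h = 0.0
    for c in counts.values():
        p = c / n
        h -= p * math.log2(p)
    return h


def user_identifiers(vba: str) -> list[str]:
    """Distinct author-chosen names in macro source, sorted."""
    code = re.sub(r'"[^"]*"', '""', vba)      # drop string literal contents
    code = re.sub(r"'[^\n]*", "", code)       # drop ' comments
    names = {t for t in IDENT_RE.findall(code) if t.lower() not in VBA_KEYWORDS}
    return sorted(names)


def identifier_entropy(vba: str) -> float:
    """Entropy of the pooled identifier characters. Names are pooled because a
    single 8-character name can never exceed log2(8) = 3 bits no matter how
    random it is; the distribution across all names is what separates human
    naming from an RNG."""
    return shannon_entropy("".join(user_identifiers(vba)))


# Illustrative cut-off (an assumption for this example): English-like names
# pooled together land near 4 bits/char, while mixed-case alphanumerics from
# an RNG approach log2(62) = 5.95 bits/char.
RANDOMIZED_THRESHOLD = 4.8


def looks_randomized(vba: str) -> bool:
    return identifier_entropy(vba) > RANDOMIZED_THRESHOLD


def rename_identifiers(vba: str, new_names: list[str],
                       protected=("CreateObject", "Run")) -> str:
    """Crude obfuscator: replace each author-chosen name with the next entry of
    new_names, leaving keywords, string literals and library calls alone."""
    mapping: dict[str, str] = {}
    supply = iter(new_names)

    def swap(m):
        tok = m.group(0)
        if tok.lower() in VBA_KEYWORDS or tok in protected:
            return tok
        if tok not in mapping:
            mapping[tok] = next(supply)
        return mapping[tok]

    # Split on string literals so their contents are never rewritten.
    parts = re.split(r'("[^"]*")', vba)
    return "".join(p if p.startswith('"') else IDENT_RE.sub(swap, p)
                   for p in parts)


# Constructed sample: a minimal dropper-style macro with readable names.
BENIGN_STYLE_MACRO = '''Sub AutoOpen()
    Dim shell As Object
    Dim command As String
    Set shell = CreateObject("WScript.Shell")
    command = "cmd.exe /c whoami"
    shell.Run command, 0
End Sub
'''

# Names a naive obfuscator would emit: random mixed-case alphanumerics.
RANDOM_NAMES = ["qW3zKx9pLmf4", "hR7vNc2tYbi8", "dF5gJu1oSekH"]
# Names from a word list: still meaningless, but with English letter statistics.
WORD_NAMES = ["Pumpkin", "Lantern", "Harbor"]

if __name__ == "__main__":
    for label, names in (("original", None), ("random", RANDOM_NAMES),
                         ("wordlist", WORD_NAMES)):
        src = BENIGN_STYLE_MACRO if names is None else rename_identifiers(
            BENIGN_STYLE_MACRO, names)
        print(f"{label:9s} {identifier_entropy(src):.2f} bits/char "
              f"randomized={looks_randomized(src)}")
```

Running it shows the shape of the argument in the abstract: the readable macro and the word-list variant both pool to roughly 4 bits/char and pass, while the RNG-named variant pools to well over 5 and is flagged. The detector only ever saw a character distribution, so an obfuscator that reproduces the distribution of human naming (words, camel case, ordinary letter frequencies) is invisible to it even though the names carry no meaning; anything built on this measurement needs a second signal, such as the library calls that cannot be renamed.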

Adam Hogan is a Consulting Security Engineer with Cisco's Advanced Threat Solutions team. He began his career in security with the open source community and has been working with Snort and Clam ever since. He enjoys researching malware and how to stop it. His graduate studies are in economics, but it turns out that wasn't nearly as fun as security. Adam lives in Columbus, Ohio.


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast