So Easy A High-Schooler Could Do It: Static malware analysis using function-level signatures - James Brahm, Matthew Rogers, and Morgan Wagner (BSides Huntsville 2014) (Hacking Illustrated Series InfoSec Tutorial Videos)

This presentation is a summary of an experimental malware detection method pioneered by three high-school interns at Dynetics. Their solution differs from traditional detection methods in that the malware signatures are unique to a function, not a file, and that the signature generation uses context-triggered piecewise hashing (fuzzy hashing) instead of traditional absolute hashing algorithms such as MD5. The team created software called Malfunction that implements these methods. Preliminary tests indicate that it is capable of identifying the author of a malware sample by comparing it to known malware from that author as well as identifying individual malware "features".

Bio: James Brahm, Matthew Rogers, and Morgan Wagner are seniors at Grissom High School, where they are part of the nationally-ranked Cybersecurity Team. They are currently employed by Dynetics as malware researchers. They all plan to pursue careers in the defense industry, either in the armed forces or as civilian contractors.
