Abstract: I will demonstrate what kind of intelligence we can learn about malware by analyzing it in a sandbox environment. Specifically, I will show a sandbox report of both static and dynamic analysis for the malware that was used to exfiltrate credit card data from Target last Christmas season.
I will show what we can learn about that malware, and how we could use that information to stop the attack. Ultimately, however, I will argue that sandboxing is not a silver bullet. It generally requires good personnel familiar with analyzing malware to fully utilize the data. It may not be easily automated. Organizations will have to decide if they have a team built to use this kind of tool.
Author Bio: Adam Hogan got his start in security by learning Snort and other open source tools instead of attending class, and has been snorting for the past decade. Sourcefire eventually hired him to write their training manuals and classes. He now works as a Consulting Security Engineer for Sourcefire (now part of Cisco). Adam lives in Columbus and spends his free time using video games to avoid working on his dissertation.
Copyright 2020, IronGeek