Analyzing the Entropy of Document Hidden Code - Adam Hogan (Circle City Con 2015 Videos) (Hacking Illustrated Series InfoSec Tutorial Videos)

Analyzing the Entropy of Document Hidden Code
Adam Hogan

Circle City Con 2015

Some of the most difficult malware for standard vendor-driven security products are document files containing code to run. JavaScript in PDF files and macros in Microsoft Office files are certainly not a new problem but remain a serious threat. I will show how to automate some of the analysis of this code. By analyzing the entropy of the code extracted, most attacks can be detected by searching for the hacker's attempt to avoid detection. As a bonus for red team members, I will show how to defeat my own detection and better hide malicious code.

Bio: Adam Hogan is a Consulting Security Engineer with Cisco's Advanced Threat Solutions team. He began his career in security with the open source community and has been working with Snort and Clam ever since. He enjoys researching malware and how to stop it. His graduate studies are in economics, but turns out that wasn't nearly as fun as security. Adam lives in Columbus, Ohio.
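
The abstract above describes scoring the entropy of code extracted from documents to spot attempts at hiding it. As an added illustration (not code from the talk or the speaker), this Python sketch flags long string literals whose Shannon entropy is high; the thresholds, the sample scripts and the `run`/`decode` names are assumptions made up for the example.

```python
import base64
import hashlib
import math
import re
from collections import Counter

# Assumed tuning values for this sketch, not figures from the talk.
MIN_LITERAL_LEN = 64      # ignore short strings: too few symbols to score
ENTROPY_THRESHOLD = 5.0   # bits/char; a 32-symbol alphabet cannot exceed this
STRING_LITERAL = re.compile(r"""(["'])((?:\\.|(?!\1).)*)\1""", re.DOTALL)


def shannon_entropy(text):
    """Shannon entropy of text in bits per character."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())


def suspicious_literals(script):
    """Return (entropy, literal) for each long, high-entropy string literal."""
    hits = []
    for match in STRING_LITERAL.finditer(script):
        literal = match.group(2)
        if len(literal) < MIN_LITERAL_LEN:
            continue
        score = shannon_entropy(literal)
        if score > ENTROPY_THRESHOLD:
            hits.append((round(score, 2), literal))
    return hits


# Constructed samples. The blob is base64 of hash output, standing in for an
# encoded payload; it decodes to meaningless bytes.
BLOB = base64.b64encode(
    b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))
).decode()
PLAIN_SCRIPT = (
    'var note = "this form adds up the monthly totals for the report '
    'and prints them on the summary page";\n'
    "app.alert(note);\n"
)
PACKED_SCRIPT = 'var d = "' + BLOB + '";\nrun(decode(d));\n'

if __name__ == "__main__":
    for name, script in (("plain", PLAIN_SCRIPT), ("packed", PACKED_SCRIPT)):
        hits = suspicious_literals(script)
        print(name, round(shannon_entropy(script), 2), [h[0] for h in hits])
```

The long plain-English literal passes because lowercase prose uses fewer than 32 distinct symbols, while the encoded blob spreads across the 64-character base64 alphabet and scores well above the threshold.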


Copyright 2016, IronGeek