Reverse engineering all the malware...and why you should stop. - Brandon Young Derbycon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)


Reverse engineering malware isn't about pulling out a bunch of IOCs anymore; hell, Cuckoo can do that just fine the majority of the time. I'll admit, there are a few times when we see customized malware or a new variant that we need to RE in order to pull out some uniqueness in a quick fashion, but most static signatures can be written with a hex editor and Strings... So why do we still reverse engineer malware? Well, who do you think builds the automated analysis tools and sandboxes? It's a group of extremely talented software developers and a few reverse engineers who are tired of spending their time writing string decoders for PlugX. This talk will discuss some of the more menial tasks that reverse engineers are plagued with and then dive deeper into the types of projects that can really take advantage of this unique skill set, along with utilizing reverse engineers to improve your own security tools and those in our open-source community. Remember, if Cuckoo can do it, then you shouldn't have to.

Brandon has been a member of the U.S. Navy, a government contractor, worked at a research institute, and has also been with numerous private sector organizations performing incident response, malware analysis, and reverse engineering. Brandon currently works for Palo Alto Networks on the Global Security Response Team as a senior reverse engineer and spends most days identifying new ways to improve the automation of malware analysis and researching traditional program analysis uses in the malware analysis landscape.

@bry6891


Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast