Reverse engineering malware isn't about pulling out a bunch of IOC's anymore, hell, Cuckoo can do that just fine the majority of time. I'll admit, there are a few times when we see customized malware or a new variant that we need to RE in order to pull out some uniqueness in a quick fashion, but most static signatures can be written with a hex editor and Strings... So why do we reverse engineer malware still? Well, who do you think builds the automated analysis tools and sandboxes? It's a group of extremely talented software developers and a few reverse engineers who are tired of spending their time writing string decoders for PlugX. This talk will discuss some of the more menial tasks that reverse engineers are plagued with and then dive deeper into the types of projects that can really take advantage of this unique skill set along with utilizing reverse engineers to improve on your own security tools and those in our open-source community. Remember, if Cuckoo can do it then you shouldn't have to.

Brandon has been a member of the U.S. Navy, a government contractor, worked at a research institute, and has also been with numerous private sector organizations performing incident response, malware analysis, and reverse engineering. Brandon currently works for Palo Alto Networks on the Global Security Response Team as a senior reverse engineer and spends most days identifying new ways to improve the automation of malware analysis and researching traditional program analysis uses in the malware analysis landscape.

@bry6891

Back to Derbycon 2016 video list