Automated Static Malware Analysis Using Function-level Signatures or: How I Learned to Stop Worrying and Love the APT - James Brahm, Matthew Rogers, Morgan Wagners (ShowMeCon 2015) (Hacking Illustrated Series InfoSec Tutorial Videos)

Automated Static Malware Analysis Using Function-level Signatures or: How I Learned to Stop Worrying and Love the APT
James Brahm, Matthew Rogers, Morgan Wagners
ShowMeCon 2015
http://www.showmecon.com

This talk summarizes an experimental malware detection and analysis method developed by high-school interns at Dynetics, Inc. It differs from traditional approaches in two ways: signatures are generated per assembly-language function rather than per file, and they are produced with context-triggered piecewise hashing (fuzzy hashing) instead of an exact-match hash such as MD5, so small changes to a function do not break the match. The team implemented these methods in a tool called Malfunction. Preliminary tests indicate that it can identify the author of a malware sample by comparing its functions against known malware from that author, which shows promise for both detection and forensic attribution. The team is now developing plugins to extend Malfunction to malware that is sealed in a packer or injected into memory.
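As an added example (not the Malfunction tool's code, which the page does not include), the Python below shows the two ideas the abstract combines: a context-triggered piecewise hash computed over the bytes of a single function rather than a whole file, and a similarity score that lets a lightly patched copy of a known author's function still match while unrelated code does not. The function bodies are constructed pseudo-random bytes, and the function names, the four-byte patch and the 70% match threshold are illustrative assumptions.

```python
"""Function-level fuzzy hashing in the style the talk describes (added
illustration, not the Malfunction tool's own code): a minimal context-
triggered piecewise hash (CTPH, the scheme behind ssdeep) over the bytes
of one function at a time, a similarity score, and a lookup of a new
sample's functions against a known author's library.  Function bodies are
constructed pseudo-random bytes; names, patch and threshold are assumptions."""
import hashlib

WINDOW = 7                          # rolling-hash window, as in ssdeep
FNV_PRIME, FNV_INIT = 0x01000193, 0x28021967
B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
TARGET_LEN = 64                     # aim for about this many signature chars


def piecewise_hash(data, block_size):
    """One base64 char per piece.  A piece ends when an ssdeep-style rolling
    hash of the last WINDOW bytes hits its trigger value, so boundaries are
    content-defined: a byte edit only disturbs boundaries within WINDOW
    bytes of it and the rest of the signature is unchanged."""
    win, h1, h2, h3, n = [0] * WINDOW, 0, 0, 0, 0
    h, out, pending = FNV_INIT, [], False
    for c in data:
        h = ((h * FNV_PRIME) ^ c) & 0xFFFFFFFF        # FNV-1 over this piece
        pending = True
        h2 = (h2 - h1 + WINDOW * c) & 0xFFFFFFFF      # weighted window sum
        h1 = (h1 + c - win[n % WINDOW]) & 0xFFFFFFFF  # plain window sum
        win[n % WINDOW], n = c, n + 1
        h3 = ((h3 << 5) ^ c) & 0xFFFFFFFF             # shift-xor mix
        if (h1 + h2 + h3) % block_size == block_size - 1:
            out.append(B64[h & 63])
            h, pending = FNV_INIT, False
    if pending:                                       # flush the last piece
        out.append(B64[h & 63])
    return "".join(out)

def signature(func_bytes):
    """'bs:hash@bs:hash@2bs'; the second hash lets functions whose sizes land
    one block-size step apart still be compared at a shared block size."""
    bs = 3
    while bs * TARGET_LEN < len(func_bytes):
        bs *= 2
    return f"{bs}:{piecewise_hash(func_bytes, bs)}:{piecewise_hash(func_bytes, 2 * bs)}"

def levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def _score(x, y):
    n = max(len(x), len(y))
    return 100 if n == 0 else int(100 * (1 - levenshtein(x, y) / n))

def compare(sig_a, sig_b):
    """Similarity 0..100; 0 when block sizes are too far apart to compare."""
    bs_a, a1, a2 = sig_a.split(":")
    bs_b, b1, b2 = sig_b.split(":")
    bs_a, bs_b = int(bs_a), int(bs_b)
    if bs_a == bs_b:
        return max(_score(a1, b1), _score(a2, b2))
    if bs_a == 2 * bs_b:
        return _score(a1, b2)
    if bs_b == 2 * bs_a:
        return _score(a2, b1)
    return 0

def attribute(sample_funcs, library, threshold=70):
    """Best-matching known function (name, score) per sample function when it
    clears the threshold, else None."""
    result = {}
    for name, body in sample_funcs.items():
        sig = signature(body)
        best = max(((k, compare(sig, signature(kb))) for k, kb in library.items()),
                   key=lambda t: t[1], default=None)
        result[name] = best if best and best[1] >= threshold else None
    return result

def synthetic_function(seed, length):
    """Constructed stand-in for a function's machine code: deterministic
    pseudo-random bytes from a seed, so the demo runs offline."""
    return b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest()
                    for i in range((length + 31) // 32))[:length]

# Constructed demo data: one author's known functions, and a new sample that
# reuses two of them (one lightly patched) next to an unrelated function.
LIBRARY = {"decrypt_config": synthetic_function("author-A-decrypt", 1500),
           "c2_beacon": synthetic_function("author-A-beacon", 700)}
_variant = bytearray(LIBRARY["decrypt_config"])
_variant[700:704] = b"\x90\x90\x90\x90"               # e.g. a patched immediate
NEW_SAMPLE = {"sub_401000": bytes(_variant),
              "sub_402000": synthetic_function("unrelated", 1500),
              "sub_403000": LIBRARY["c2_beacon"]}

if __name__ == "__main__":
    for func, match in attribute(NEW_SAMPLE, LIBRARY).items():
        print(func, "->", match)
```

Running the module attributes sub_401000 and sub_403000 to the library and leaves sub_402000 unmatched; an MD5 of either sample file would have matched nothing. Two caveats follow from the abstract: function boundaries have to come from disassembly (here they are simply given), and packed or injected code must be unpacked or dumped from memory first, since the signature is over the function bytes as they execute, not as they sit on disk.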

Bio: James Brahm, Matthew Rogers and Morgan Wagner are recent graduates from high school, where they enjoyed tinkering with malware more than doing homework. While in high school, they competed in CyberPatriot, a cyberdefense, networking, and forensics competition, as part of the "CyberSloths" and became the National Champions their senior year. They are employed by Dynetics, in Huntsville, AL, as malware researchers. They will have much more interesting bios once they know where they are going after high school.


Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast