Your SlideShare is downloading. ×
0
Dissecting the Hack
Malware Analysis 101
Sunday, September 19, 2010
Who am I?
Gerry Brunelle
System Security Engineer for Boeing
Sunday, September 19, 2010
What were covering
Malware 101
Analysis 101
evil.exe
Sunday, September 19, 2010
Malware 101
So..what is malware?
A piece of software that accesses a computer
secretly without the owners consent
Some typ...
Malware 101
How does malware affect you?
Steals information from your systems
Compromises integrity of you data
Cripples n...
Analysis 101
2 Types
Behavioral analysis
Code analysis
Sunday, September 19, 2010
Analysis 101
Behavioral analysis
What the malware does
File creation/modification
Network activity
Registry activity
Sunday...
Analysis 101
Code analysis
What you can’t observe
Code characteristics
Packing/unpacking
Embedded information
Sunday, Sept...
Our scenario
User calls stating their machine is slow
Escalated to L2 support for on-site
On-site tech observes odd behavi...
Our Scenario
SOC CIRT Team mobilized
They are now observing multiple infections
Estimated infections at ~1000
Traffic is no...
Our scenario
Time to do some hacking...
Sunday, September 19, 2010
Upcoming SlideShare
Loading in...5
×

Dissecting the Hack: Malware Analysis 101

563

Published on

Dissecting the Hack: Malware Analysis 101 is designed to be an introduction into the world of malware analysis. This presentation will begin with a brief 5 to 10 minute introduction to some malware analysis theory, followed by a live demonstration that will take the audience through an in-depth behavioral and code analysis of a select piece of malware. This demonstration will include techniques using free open source tools such as detecting packers and unpacking, file and registry analysis, and in depth code analysis.

Gerry Brunnelle, System Security Engineer, Boeing

Gerry Brunelle is currently a System Security Engineer for Boeing in the Washington, D.C. area. He is also currently a candidate for a MS in Computer Security and Information Assurance from RIT and has a BS in Network and System Administration from RIT. He has participated in various security groups and competitions, and designed and ran the Capture the Flag event for the Rochester Security Summit in 2009.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
563
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
17
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Dissecting the Hack: Malware Analysis 101 "

  1. 1. Dissecting the Hack Malware Analysis 101 Sunday, September 19, 2010
  2. 2. Who am I? Gerry Brunelle System Security Engineer for Boeing Sunday, September 19, 2010
  3. 3. What were covering Malware 101 Analysis 101 evil.exe Sunday, September 19, 2010
  4. 4. Malware 101 So..what is malware? A piece of software that accesses a computer secretly without the owners consent Some types are viruses, rootkits, and trojans Are designed to do almost anything Sunday, September 19, 2010
  5. 5. Malware 101 How does malware affect you? Steals information from your systems Compromises integrity of you data Cripples networks Sunday, September 19, 2010
  6. 6. Analysis 101 2 Types Behavioral analysis Code analysis Sunday, September 19, 2010
  7. 7. Analysis 101 Behavioral analysis What the malware does File creation/modification Network activity Registry activity Sunday, September 19, 2010
  8. 8. Analysis 101 Code analysis What you can’t observe Code characteristics Packing/unpacking Embedded information Sunday, September 19, 2010
  9. 9. Our scenario User calls stating their machine is slow Escalated to L2 support for on-site On-site tech observes odd behavior evil.exe running Connected to port 1337 somewhere Tech refers case to Security Operations Center Sunday, September 19, 2010
  10. 10. Our Scenario SOC CIRT Team mobilized They are now observing multiple infections Estimated infections at ~1000 Traffic is now crippling traffic at the border Have received evil.exe for analysis Sunday, September 19, 2010
  11. 11. Our scenario Time to do some hacking... Sunday, September 19, 2010
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×