This document provides an introduction to malware analysis. It discusses analyzing malware to understand adversaries and gather intelligence indicators that can be used to better protect systems. The document outlines that malware analysis involves taking malware apart to study it, identifies why it's important to profile attackers, and discusses recommended tools and tips for malware analysis including automated analysis tools, manual analysis tools, and sources for indicators of compromise. It provides an example analysis of the "Magneto" malware that exploits a Firefox vulnerability to gather system information from targeted machines.
Beginner level presentation on Malware Identification as part of the Malware Reverse Engineering course. Learn what malware is, how it functions, how it can be detected, identified and isolated for reverse engineering. For more information about malware detection and removal visit https://www.intertel.co.za
Anti-virus Mechanisms and Various Ways to Bypass Antivirus Detection, by Neel Pathak
The slides briefly describe various AV mechanisms, how they actually work, where file signatures are stored, etc., and finally discuss AV bypassing techniques.
Hackers already know these techniques, but do we? These are just a few techniques; there are many more.
Related document can be found at
http://www.scribd.com/doc/176058721/Anti-Virus-Mechanism-and-Anti-Virus-Bypassing-Techniques
Hiding in Plain Sight: The Danger of Known Vulnerabilities, by Imperva
While a lot of attention is devoted to the mitigation of previously unknown attack methods ("0 days"), many of today's high-profile breaches are caused by "Known Vulnerabilities" in the application's components, also referred to as "vulnerabilities in third-party components." Attackers are quickly moving to exploit applications built with vulnerable components and are inflicting serious data loss and/or hijacking entire servers in the process. The rising popularity of third-party components in application development enables attackers to quickly and repeatedly locate and exploit vulnerabilities in application components - making these attacks widespread and extremely hazardous. This presentation will: (1) explore the recent growth of "Known Vulnerabilities" and examine the scope of the problem (2) examine how attackers are able to quickly "weaponize" these vulnerabilities for immediate profit (3) reveal techniques for limiting the damage resulting from "Known Vulnerabilities" exploitation.
There has been a ransomware explosion over the last 6 years, and very little has been done to stop infections aside from deprecated signature scans and classic malware scanners. Weston will go over a couple of proof of concepts that work even on the most current versions of the malware, stopping it from fully infecting machines that would otherwise be infected with malware that demands thousands of dollars in some instances. Weston will go over several methods of making your system immune to attacks from ransomware, many of them discovered by actually reverse engineering the malware early this year. Weston will also go over several open source tools to test your environment's impact from malware such as Cryptowall, and several tools, both software and hardware, that can protect your systems from malware infection, even methods of abusing the payment gateway system to allow you to get more than one file unlocked for free; Weston will also go into the research about breaking the encryption based on the outputted encrypted files.
Malware varies mostly in the visible payloads that it manifests. We can see it infecting files, uninstalling antimalware applications, stealing important documents, controlling our computers remotely, and performing other malicious activities.
What we don't see is how these are implemented within the malware code. Modern malware uses different techniques to protect itself from detection, analysis, and eradication. Some malware even uses layers to obfuscate the way it applies these protections. Layers in malware are defense mechanisms against deep analysis. Within these layers, different malware tricks are also deployed.
In this presentation, we are going to look into Scieron and Vawtrak, two different malware families that implement layers differently. We will see video demos of how some of the malware code executes within the context of a debugger.
Finally, we are going to leverage Volatility, a memory forensic tool, to detect the presence of layers in an infected system.
Watering Hole Attacks: Detect End-User Compromise Before the Damage is Done, by AlienVault
Attackers are becoming increasingly skilled at planting malicious code on websites frequented by their desired targets, commonly called "watering hole" attacks. These can be very difficult to detect since they happen as users are going about their normal business. Join us for a technical demo to watch a live example of this attack and how to detect it immediately using AlienVault USM.
Pentesting? What is Pentesting? Why Pentesting?
Millions of dollars have been invested in security programs to protect critical infrastructure and prevent data breaches.
This is my presentation at the JWC 4th Event Computer and Network Security Forum at Binus International University. I talk about how to set up your own malware lab for malware analysis purposes.
A look at computer network defense techniques and strategies that actually work in a world of blinky light sales. Straight up defense served with a side of sarcasm.
Should I buy product $x from $vendor_y or product $y from $vendor_x? Probably neither. Come hear how you can get back to security basics to keep your organization from getting owned and discover when you are owned with a lot of tools you already have. No sales, no magic, just real world security for people that want to defend their organization.
Watchtowers of the Internet - Source Boston 2012, by Stephan Chenette
Watchtowers of the Internet: Analysis of Outbound Malware Communication, Stephan Chenette, Principal Security Researcher, (@StephanChenette) & Armin Buescher, Security Researcher
With advanced malware, targeted attacks, and advanced persistent threats, it's not IF but WHEN a persistent attacker will penetrate your network and install malware on your company's network and desktop computers. To get the full picture of the threat landscape created by malware, our malware sandbox lab runs over 30,000 malware samples a day. Network traffic is subsequently analyzed using heuristics and machine learning techniques to statistically score any outbound communication and identify command & control, back-channel, worm-like and other types of traffic used by malware.
Our talk will focus on the setup of the lab, major malware families as well as outlier malware, and the statistics we have generated to give our audience an exposure like never before into the details of malicious outbound communication. We will provide several tips, based on our analysis to help you create a safer and more secure network.
Stephan Chenette is a principal security researcher at Websense Security Labs, specializing in research tools and next generation emerging threats. In this role, he identifies and implements exploit and malcode detection techniques.
Armin Buescher is a Security Researcher and Software Engineer experienced in strategic development of detection/prevention technologies and analysis tools. Graduated as Dipl.-Inf. (MSc) with thesis on Client Honeypot systems. Interested in academic research work and published author of security research papers.
The Lazy Attacker: Defending Against Broad-based Cyber Attacks, by AlienVault
Advanced Persistent Attacks (APTs) get most of the attention from the cyber security community because, as defenders, we want to be vigilant against the most insidious techniques. However, this unilateral mindset ignores a much less interesting reality.
Training on July 16, 2017.
This training is the compressed version of Malware Engineering & Crafting.
In this training, we will talk about malware as well as crafting simple working malware. The goal of this session is to understand malware internals so one can have tactics to combat it.
Prevent Getting Hacked by Using a Network Vulnerability Scanner, by GFI Software
How to (Not) Get Hacked - A Webinar by Greg Shields that discusses how activities such as Network Scanning, Vulnerability Scanning and Patch Management can ensure that your Network Security never gets breached.
Dayton Microcomputer Association (DMA):
April 2020 - Online Meeting
Date: April 28, 2020
Topic: Stupid Cyber Criminal Tricks and How to Combat Them
Speaker: Matt Scheurer
This talk covers various techniques used by cyber criminals, and how to spot them. This is the accompanying slide deck for a presentation that covers live demos. Who does not love a good cyber-crime story?
This was the five minute pitch that David and group pulled together at the WG2 barcamp. This will be a start for a community developed document to help field questions about oss and security within the military.
We are delighted to have Gary Miliefsky on our second Hacker Hotshot of 2013! Gary is the Editor of Cyber Defense Magazine, which he recently founded after years of being a cover story author and regular contributor to Hakin9 Magazine. In partnership with UMASS, he started the Cyber Defense Test Labs to perform independent lab reviews of next generation information security products. Gary is also the founder of NetClarity, Inc., which is the world's first next generation agentless, non-inline network access control (NAC) and bring your own device (BYOD) management appliances vendor based on a patented technology which he invented.
Web security – application security roads to software security nirvana iisf..., by Eoin Keary
Approaching Web Security, Secure application development and how to fix what matters. A useful talk for application developers and security experts alike.
Co Speaker: Cheryl Biswas
Talk Description:
How about this: a blue team talk given by red teamers. But here’s our rationale - your best defence right now is a strategic offence. The rules of the game have changed and we need to get defence up to speed.
We’ll show you what the key elements are in a good defence strategy; what you can and need to be using to full advantage. We’ll talk about the new “buzzwords” and how they apply: visibility; patterns; big data. There’s a whole lotta data to wrangle, and you aren’t seeing the whole picture if you aren’t doing things right. Threat intel is about getting the big picture as it applies to you. You’ll learn the importance of context and prioritization so that you can manipulate intel feeds to do your bidding. And then we’ll take things further and talk about hunting the adversary, using an update on proven methodologies.
We’ll show you how to understand your data, correlate threats and pinpoint attacks. Attendees will leave with a new understanding of the resources they have on hand, and how to leverage those into an Adaptive Proactive Defense Strategy.
SentinelOne was founded in 2013 by an elite group of cybersecurity and defense experts who share a strong passion for disruption, and a clear vision for a path forward in a post-antivirus era. Building on their experiences learned at Check Point Software Technologies, IBM, Intel Security, Palo Alto Networks, and White Hat Security, the team is committed to the mission of defeating advanced cyber threats and instilling confidence in our digital way of life.
Find out more at https://sentinelone.com
Presented on May 9, 2018 at SOURCE Conference Boston
(https://sourceconference.com/events/bos18/).
This version contains minor updates from previous presentations.
This talk will provide a quick overview of honeypots, an explanation of the cyber deception space, and the benefits of implementing deception as part of your cyber defense program. In addition, this talk will highlight the HoneyDB project, which enables anyone to get started with operating deception sensors and start collecting threat information. Finally, this presentation will describe how I built scalable honeypot sensor collection, employing a "Frankenstein Cloud Architecture", for minimal cost.
This document tries to explain on a non-technical level how SOPA will not be able to do what it is intended for but will also break DNSSEC at the same time. Forward this to anybody you know to convince them to express their support to SOPA resistance.
I've given different versions of this talk at different venues over the past 12 months. This is the most recent version as presented on 18/10/2011 at the Belgian ISSA chapter meeting.
This presentation was given at Excaliburcon in Wuxi, China and covers the use of open source solutions in a security infrastructure, with a special focus on OSSEC.
Essentials of Automations: Optimizing FME Workflows with Parameters, by Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo..., by James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
PHP Frameworks: I want to break free (IPC Berlin 2024), by Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -..., by DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti..., by Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Transcript: Selling digital books in 2024: Insights from industry leaders - T..., by BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GraphRAG is All You need? LLM & Knowledge Graph, by Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Connector Corner: Automate dynamic content and events by pushing a button, by DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
3. About me
Wim Remes
Managing Consultant @ IOActive
Director @ (ISC)2
Organizer @ BruCON
(September 26-27 !!)
I don't teach, I share knowledge
(I hope to learn more from you than you learn from me)
5. What?
“Taking malware apart to study it.”
(it's that simple? Yes it is.)
Unless you work for an AV vendor, in which case you are supporting a product, and even they automate A LOT.
12,000,000 samples in Q4 2012(1)
35,000+ mobile samples in Q4 2012(1)
(ain't nobody got time for that!)
(1) http://www.mcafee.com/us/security-awareness/articles/state-of-malware-2013.aspx
6. DO:
Understand your adversary
Gather intelligence
Share information
Protect BETTER!
AUTOMATE-AUTOMATE-AUTOMATE
DO NOT:
Waste time on random samples
Practice your reverse engineering fu
(most of the time)
Why?
7. Why?
“Attacker Profiling”
Indicators of compromise!
(IOCs)
Command and Control Servers?
Malware sources?
Traffic Patterns?
Registry Keys?
Behavioral Characteristics?
Know your enemy!
15. Tying it all together
Inputs: Manual analysis, Automated analysis, External sources
-> IOCs
-> Outputs: Firewall configuration, IDS/IPS configuration, SIEM configuration, Industry/Peer sharing
16. Tips & Tricks
Incubation
(not for the faint of heart)
a) You want to gather more intelligence
b) You want to profile attackers
Attackers introducing new techniques?
Introducing 'next level' attackers?
Reselling of compromised machines?
You can learn A LOT!
17. Tips & Tricks
Anti Reverse Engineering
Exploiting weaknesses in RE Tools
Anti Disassembly
Anti Debugging
Anti VM Techniques
Packers
“it takes one to know one.”
Ref. "Practical Malware Analysis"
by Michael Sikorski and Andrew Honig
18. By Example – ‘Magneto’
A malware that exploits a buffer overflow condition in Firefox 17.
Believed to be used against users of 'malicious' TOR .onion sites.
https://code.google.com/p/caffsec-malware-analysis/source/browse/trunk/TorFreedomHosting/
19. By Example – ‘Magneto’
Attacks the browser
iframe attack + buffer overflow
Sends hostname + MAC address to remote server
Analysis tools fail because 'sessionStorage' and 'ArrayBuffer' are not recognized.
20. By Example – ‘Magneto’
Attack browser -> Execute shellcode -> Gather information -> Exfiltrate information
Learn attacker techniques
Correlate attacker behaviour
Identify coders/ code sharing?
Identify targeted assets
Attribution?
Correlation
…
21. Summary
Goal = Protecting Better
NOT
“Trying to beat them”
There are automation tools, use them.
Know your tools and their limitations.
Know the attacker's toolset too
Share knowledge/intelligence
22. Q & A
Thank you !
wim.remes@ioactive.co.uk
@wimremes on twitter
Editor's Notes
Malware Analysis is somewhat regarded as a dark art … it’s also become one of the primary sources of focused security intelligence for security teams. Nowhere can you learn more about your attackers and how they leverage weaknesses in your infrastructure, let alone about what they are interested in.