With malware becoming more prevalent, and the pool of capable reversers falling short of overall need, there is a greater need to provide quick and efficient malware analysis for network defense. While many analysts have a grasp on how to appropriately reverse malware, there is large room for improvement in extracting critical indicators, correlating on key details, and cataloging artifacts in a way that improves your corporate response to the next attack. This talk will go beyond the basics of malware analysis and focus on the critical indicators that analysts should concentrate on for attribution and better reporting.
Sudit et al, Towards Impact Assessment Automation for Multi-Stage Cyber Attacks - http://www.rit.edu/~w-cmmc/research/Sudit.pdf
This is a CVE-2010-3333 exploit, but what we should focus on is the shellcode used as part of the attack. Is it unique? How is the payload encoded? Is the encoding unique? Is there a file marker?
For a decrementing 256-byte XOR, what's the starting byte? Are there payload markers (4-byte strings)?
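The questions above (which starting byte, which 4-byte markers bracket the payload, what file header the decoded bytes should show) can be answered mechanically. The following is an added example, not code from the talk: it extracts the region between two constructed 4-byte markers, brute-forces the starting byte of a decrementing XOR key (the key drops by one per byte and wraps from 0x00 to 0xFF, giving the 256-byte cycle), and checks the result against an expected file marker such as an MZ header. The marker value, start byte and payload bytes are constructed sample values, not indicators from any real sample.

```python
"""Added example: recovering the start byte of a decrementing 256-byte XOR
encoder around a marker-delimited embedded payload. All sample values below
are constructed for illustration."""
from typing import Optional


def decode_decrementing_xor(data: bytes, start_key: int) -> bytes:
    """XOR each byte with a key that starts at start_key and decrements by one
    per byte, wrapping from 0x00 back to 0xFF (a 256-byte key cycle)."""
    out = bytearray(len(data))
    key = start_key & 0xFF
    for i, b in enumerate(data):
        out[i] = b ^ key
        key = (key - 1) & 0xFF
    return bytes(out)


# XOR is symmetric, so the same routine encodes as well as decodes.
encode_decrementing_xor = decode_decrementing_xor


def extract_between_markers(blob: bytes, marker: bytes) -> Optional[bytes]:
    """Return the bytes bracketed by the first two occurrences of marker,
    or None if the carrier does not contain a marker pair."""
    start = blob.find(marker)
    if start < 0:
        return None
    start += len(marker)
    end = blob.find(marker, start)
    if end < 0:
        return None
    return blob[start:end]


def recover_start_key(encoded: bytes, expected_header: bytes = b"MZ") -> Optional[int]:
    """Try all 256 possible start bytes and return the one that makes the
    decoded data begin with expected_header (e.g. MZ for a dropped PE)."""
    prefix = encoded[: len(expected_header)]
    if len(prefix) < len(expected_header):
        return None
    for key in range(256):
        if decode_decrementing_xor(prefix, key) == expected_header:
            return key
    return None


def analyze(blob: bytes, marker: bytes, expected_header: bytes = b"MZ") -> dict:
    """Locate the marker-delimited region, recover the start byte and decode.
    The returned dict carries the indicators worth cataloging: whether the
    marker was present, the start byte, and the decoded payload."""
    encoded = extract_between_markers(blob, marker)
    if encoded is None:
        return {"marker_found": False, "start_key": None, "payload": None}
    key = recover_start_key(encoded, expected_header)
    payload = decode_decrementing_xor(encoded, key) if key is not None else None
    return {"marker_found": True, "start_key": key, "payload": payload}


# Constructed sample carrier (hypothetical values, not from a real exploit):
# filler, a 4-byte marker, the XOR-encoded payload, the marker again, trailer.
MARKER = b"\xDE\xAD\xBE\xEF"
START_KEY = 0x9C
ORIGINAL_PAYLOAD = b"MZ\x90\x00" + b"constructed fake PE body " * 4
SAMPLE_BLOB = (
    b"\x00" * 16
    + b"some RTF filler"
    + MARKER
    + encode_decrementing_xor(ORIGINAL_PAYLOAD, START_KEY)
    + MARKER
    + b"trailing bytes"
)

if __name__ == "__main__":
    result = analyze(SAMPLE_BLOB, MARKER)
    print("marker found:", result["marker_found"])
    print("start byte:", hex(result["start_key"]))
    print("decoded header:", result["payload"][:4])
```

The start byte, the marker string and the decoded payload's hash are exactly the kind of artifacts worth recording per sample: the same encoder with the same start byte and markers across unrelated documents is a stronger clustering signal than the CVE being exploited.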