Presentation Title: HITB LAB – Malware Analysis Workshop (Tools and Methodologies)
Presentation Abstract
Wes Brown, a Principal Security Consultant with IOActive, has spoken in the past about automating malware analysis. Now that a framework has been established to analyze malware, this workshop covers the methodologies and techniques used to carry out that process manually, aided by automated tools. A LiveCD containing a full malware analysis environment will be provided to workshop attendees. This environment is a further evolution of the prototype shared previously, and it is user-extendable should you wish to add your own tools and modifications.
Among the techniques reviewed will be memory inspection, debugging, hooking, and PE file examination. Techniques that malware uses to avoid inspection will be discussed, along with ways to work around them. The malware workshop environment will also be walked through and each tool demonstrated, so that attendees leave with a good grasp of how and when to use them.
About Wes
As a Principal Security Consultant at IOActive, Wes Brown works with clients to discover and solve network and application problems that threaten their business goals and assets. In addition to his direct work on penetration tests, security reviews, and network and application audits, Brown pioneered the concept of injectable virtual machines, which he has presented at several internationally renowned security conferences.
Brown is an expert in reverse engineering, having worked with biometric security devices, Intel’s HECI transport, encryption algorithms, and proprietary communication and switching protocols. He has developed protocol intercept code, device communication protocols, test and fuzzing frameworks, and malware analysis frameworks.