Malware analysis as a hobby - the short story (lightning talk)
Transcript of Malware analysis as a hobby - the short story (lightning talk)
Malware Analysis as a Hobby - the short story
Michael Boman - Security Consultant/Researcher, Father of 5
The manual way
Drawbacks
Time consuming
Boring in the long run (not all malware is created equal)
Choose any two…
Cheap
Fast
Good
Choose any two? Why not all of them?
I can do it cheaply (hardware and license cost-wise). Human time not included.
I can do it quickly (I spend up to 3 hours a day doing this, on average even less).
I get pretty good results (quality). Where the system lacks I can compensate for its shortcomings.
Automate
Engineer yourself out of the workflow
Automate everything!
Birth of the MART Project
Malware Analyst Research Toolkit
Components
Sample Acquisition
• Public & Private Collections
• Exchange with other malware analysts
• Finding and collecting malware yourself
Sample Analysis
• Cuckoo Sandbox
• VirusTotal
DEMO: Submit sample for analysis
Sample Reporting
• Results are stored in MongoDB (optional)
• Accessed using an analyst GUI
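The automation glue between the analysis and reporting steps above, as an added example that is not code from the talk or the MART project: it reduces a Cuckoo Sandbox report.json plus a VirusTotal v2 file/report answer to one compact record for the results database. The field names (signatures, network.hosts, network.dns, response_code, positives, total) are assumed from those two tools' report layouts, and every sample value is constructed.

```python
# Added example, not MART code: collapse a Cuckoo report.json and a VirusTotal
# v2 file/report answer into the record an analyst GUI would list and sort.
# Field names follow the tools' report layouts; all sample values are constructed.
import hashlib


def detection_ratio(vt_report: dict) -> tuple:
    """VirusTotal answer -> (positives, total); (0, 0) when the hash is unknown."""
    if vt_report.get("response_code") != 1:  # 0 means "not in VirusTotal"
        return (0, 0)
    return (int(vt_report["positives"]), int(vt_report["total"]))


def summarize_cuckoo(report: dict) -> dict:
    """Pull out what an analyst triages first: signatures by severity, network."""
    sigs = sorted(report.get("signatures", []),
                  key=lambda s: s.get("severity", 1), reverse=True)
    net = report.get("network", {})
    # Cuckoo 1.x lists contacted hosts as bare IP strings, 2.x as dicts with "ip"
    hosts = [h["ip"] if isinstance(h, dict) else h for h in net.get("hosts", [])]
    return {
        "max_severity": max((s.get("severity", 1) for s in sigs), default=0),
        "signatures": [s["name"] for s in sigs],
        "hosts": hosts,
        "dns": [q["request"] for q in net.get("dns", [])],
    }


def build_record(sample: bytes, cuckoo_report: dict, vt_report: dict) -> dict:
    """The document that would be inserted into the MongoDB results collection."""
    positives, total = detection_ratio(vt_report)
    rec = {"sha256": hashlib.sha256(sample).hexdigest(),
           "vt_positives": positives, "vt_total": total}
    rec.update(summarize_cuckoo(cuckoo_report))
    # triage flag so the analyst GUI can sort the interesting samples to the top
    rec["needs_human"] = bool(rec["max_severity"] >= 3
                              or (total and positives / total > 0.5))
    return rec


# constructed stand-ins for a real sample, its report.json and the VT answer
SAMPLE = b"MZ constructed placeholder, not a real executable"
CUCKOO_REPORT = {
    "signatures": [{"name": "network_http", "severity": 2},
                   {"name": "persistence_autorun", "severity": 3}],
    "network": {"hosts": ["198.51.100.7"],
                "dns": [{"request": "example.invalid", "type": "A", "answers": []}]},
}
VT_REPORT = {"response_code": 1, "positives": 37, "total": 56}
```

Running `build_record(SAMPLE, CUCKOO_REPORT, VT_REPORT)` yields the record with the highest-severity signature first and `needs_human` set, which is the only part of the report the GUI needs to show in a list view.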
Budget Computer: €520
MSDN License: €800 (€590 renewal)
Year 1: €1320
Year N: €590
Money saved from stopped smoking (yearly): €2040
Next steps
• Barebone on-the-iron malware analysis
• Android platform support
• OSX platform support
• iOS platform support
Questions?