Introducing CSE's open source AssemblyLine: High-volume malware triaging and analysis

Presented at Hackfest 2017, Nov. 4, 2017, 10 a.m. (Unknown duration)

The Communications Security Establishment (CSE), Canada's national cryptologic agency and a leading expert in cyber security, believes in fostering collaboration and innovation. For the first time ever, CSE is releasing one of its own tools to the public as an open source platform. Developed internally, AssemblyLine is a cyber defence framework designed to perform distributed analytics at scale, focusing primarily on detecting and analyzing malicious files. Learn how AssemblyLine can not only minimize the number of innocuous files that cyber security professionals are required to inspect every day, but how you can collaborate with others to customize and improve the platform.

Presenters:

• John O'Brien
  Steve Garon is an IT analyst at the Communications Security Establishment (CSE) and the lead developer for Assemblyline. Steve has been at CSE for 11 years and began as an analyst working on malware reverse engineering. His wish to speed up the process of triaging malware detection eventually lead to the creation of Assemblyline, which he has worked on for seven years. Steve is from Rimouski, Quebec and holds a Bachelor degree in Computer Science from the Université de Sherbrooke. John O'Brien is a Senior Technical Advisor with the Communications Security Establishment (CSE), currently working for the organization's Cyber Defence program. John has 12 years of experience in the field of incident response and forensics, spending 6 years as a senior IT security specialist with a focus on malware reverse engineering and the next 6 years leading a team specializing in malware triaging and detection. Since 2005, he has participated in the response efforts to a majority of compromises that have targeted the Government of Canada. John holds a Bachelor's degree in Computer Science from the University of New Brunswick.
• Steve Garon
  Steve Garon is an IT analyst at the Communications Security Establishment (CSE) and the lead developer for Assemblyline. Steve has been at CSE for 11 years and began as an analyst working on malware reverse engineering. His wish to speed up the process of triaging malware detection eventually lead to the creation of Assemblyline, which he has worked on for seven years. Steve is from Rimouski, Quebec and holds a Bachelor degree in Computer Science from the Université de Sherbrooke. John O'Brien is a Senior Technical Advisor with the Communications Security Establishment (CSE), currently working for the organization's Cyber Defence program. John has 12 years of experience in the field of incident response and forensics, spending 6 years as a senior IT security specialist with a focus on malware reverse engineering and the next 6 years leading a team specializing in malware triaging and detection. Since 2005, he has participated in the response efforts to a majority of compromises that have targeted the Government of Canada. John holds a Bachelor's degree in Computer Science from the University of New Brunswick.

Links:

• https://hackfest.ca/en/2017/speakers2017/#assemblyline
• https://infocon.org/cons/Hackfest/Hackfest 9 2017/Introducing CSE’s open source AssemblyLine (Steve Garon & John O’Brien).mp4
• https://infocon.org/cons/Hackfest/Hackfest 9 2017/Introducing CSE’s open source AssemblyLine (Steve Garon & John O’Brien).en.transcribed.srt (subtitles)
• https://www.youtube.com/watch?v=bsOlDOHAL8Y

Similar Presentations:

• DEF CON 20 (2012) / The Open Cyber Challenge Platform Project