Malware Datamining And Attribution

Presented at DeepSec 2013 „Secrets, Failures, and Visions“

Greg Hoglund explained at BlackHat 2010 that the development environments malware authors use leave traces in the code, which can be used to attribute malware to an individual or a group of individuals. The attribution does not have the precision of a name, date of birth and address, but it provides evidence: an arrested suspect's computer can be analysed and compared with the "tool marks" on the collected malware sample.


Presenters:

  • Michael Boman - Independent Researcher
    Security consultant during daytime, malware researcher at nighttime. My latest claim to fame is the MART Project (Malware Analysts Research Tool) which is more like a collection of tools and procedures than a stand-alone application. MART allows a malware analyst to quickly analyse malware on a limited time and budget.
