What's Up Doc? - Self Learning Sandboxes to Defeat Modern Malwares Using RSA: Rapid Static Analysis

Presented at DeepSec 2020 „The Masquerade“

"Catch me if you can!" is the right phrase to describe today's malware genre. Malware has become stealthier and deadlier, and its authors have become wiser too.

What if sandboxes started performing rapid static analysis on malware files and passed the extracted metadata on to spin up a sandbox environment tailored to the malware's attributes, so that the malware does not evade? This talk deals with how to do RSA (Rapid Static Analysis, a term I coined), how to pass on the attributes, and how we defeat modern malware by dynamically spinning up sandboxes. RSA embedded in "H.E.L.E.N" and "Dummy", and how we extracted the real IOC from Ryuk, forms the rest of the talk and story! The talk also covers how these key extracted "attributes" are used for ML, how we build bipartite graphs, and how we build instruction-sequence-based detection models and Win32 API-based detection models "leveraging HELEN's intelligence".

Presenters:

  • Shyam Sundar Ramaswami - Lead Threat Researcher - Umbrella Security org - Cisco Systems
    Shyam Sundar Ramaswami is a TEDx speaker, Black Hat speaker, GREM certified malware analyst, Cisco Security black belt Ninja, and teaches cyber security using "Batman" & "Avengers" characters. Shyam leads the Threat Research group for Umbrella Asia Pacific and is a threat researcher at Cisco. Shyam has delivered talks at several conferences and universities, including Black Hat (Las Vegas), Stanford University (Cyber Security Program), Qubit Forensics (Serbia), Nullcon 2020 (Goa), Cisco Live (Barcelona), IRespond (San Francisco), Defcon Packet Village (remote) and several IEEE forums in India. Shyam also teaches the cyber security course "Advanced malware attack and defences" at Stanford's Cyber Security Program and runs a mentoring program called "being Robin", in which he mentors students all over the globe on cyber security.
