Hacking Malware: Offense Is the New Defense

Presented at DEF CON 14 (2006), Aug. 4, 2006, 2 p.m. (50 minutes)

The proliferation of malware is a serious problem that grows in sophistication and complexity every day, but this growth comes at a price. The price that malware pays for advanced features and sophistication is increased vulnerability to attack. Malware is a system, just like an OS or application. Systems employ security mechanisms to defend themselves and also suffer from vulnerabilities which can be exploited. Malware is no different. Malware authors are employing constantly evolving techniques, including binary obfuscation, anti-debugging and anti-analysis, and built-in attacks against protection systems such as anti-virus software and firewalls. This presentation will dig into these techniques and explain the basics. The idea of an open source malware analysis and research community will be explored. All the things the Anti-Virus vendors don't want you to know will be discussed. Methods for bypassing malware's security systems will be presented. These methods include detecting and defeating packers/encoders, hiding the debugger from the malware, and protecting analysis virtual machines. We will hack the malware.

Presenters:

  • Danny Quist - co-founder Offensive Computing
    Danny Quist (Chamuco) is a computer security professional who has been interested in malware and hacking ever since the Michelangelo computer virus was released many years ago. He has written several defensive systems to mitigate virus attacks on networks and developed a generic network quarantine technology. He consults with both private and public sectors on system and network security projects. His interests include malware defense, reverse engineering, exploitation methods, virtual machines, and automatic classification systems.
  • Valsmith - Co-Founder
    Valsmith has been involved in the computer security community and industry for over ten years. He currently works as a professional security researcher on problems for both the government and private sectors. He specializes in penetration testing (over 40,000 machines assessed), reverse engineering and malware research. Valsmith is a member of the Cult of the Dead Cow NSF. He also works on the Metasploit Project development team as well as other vulnerability development efforts. Most recently Valsmith founded Offensive Computing, a public, open source malware research project.
