Making Fun of Your Malware

Presented at DEF CON 17 (2009), July 31, 2009, 2:30 p.m. (50 minutes).

Would you laugh if you saw a bank robber accidentally put his mask on backwards and fall into a manhole during the getaway, because he couldn't tell where he was going? Criminals do ridiculous things so often, it's impossible to capture them all on video. Rest assured, when the criminals are malware authors, we can still make fun of them through evidence found in pictures, binary disassemblies, packet captures, and log files. This talk evenly distributes technical knowledge and humor to present the funniest discoveries related to malware authors and the fight against their code.


Presenters:

  • Michael Ligh - Malicious Code Analyst, iDefense
    Michael Hale Ligh is a malicious code analyst at Verisign iDefense. He specializes in designing tools for malware detection, decryption, and investigation. Michael obtained his master's in forensic computer investigation in 2004 and began providing Internet security services to financial institutions. He then gained interest in vulnerability research and has been credited with locating critical flaws in products such as Tumbleweed MailGate, Novell iMonitor/eDirectory, Symark PowerBroker, and F5 FirePass SSL VPN. Michael is a member of ZERT and has submitted winning entries in malware-related contests/challenges run by SANS, Honeynet, and Hacker Challenge.
  • Matthew Richard - Malicious Code Operations Lead, Raytheon Corporation
    Matt Richard is Malicious Code Operations Lead at Raytheon Corporation. At Raytheon, he is responsible for analyzing and reporting on samples of unknown malicious code and other suspicious activity. Matt was previously Director of Rapid Response at iDefense. For 7 years before that, Matt created and ran a managed security service used by 130 banks and credit unions. In addition, he has done independent forensic and security consulting for a number of national and global companies. Matt has written a number of tools, including a web application testing tool, a log management and intrusion detection application, and an automated Windows forensics package. Matt currently holds the CISSP, GCIA, GCFA, and GREM certifications.
