Reverse engineering all the malware...and why you should stop.

Presented at DerbyCon 6.0 Recharge (2016), Sept. 24, 2016, 5 p.m. (50 minutes)

Reverse engineering malware isn't about pulling out a bunch of IOCs anymore; hell, Cuckoo can do that just fine the majority of the time. I'll admit, there are a few times when we see customized malware or a new variant that we need to RE in order to pull out some uniqueness in a quick fashion, but most static signatures can be written with a hex editor and Strings... So why do we still reverse engineer malware? Well, who do you think builds the automated analysis tools and sandboxes? It's a group of extremely talented software developers and a few reverse engineers who are tired of spending their time writing string decoders for PlugX. This talk will discuss some of the more menial tasks that reverse engineers are plagued with and then dive deeper into the types of projects that can really take advantage of this unique skill set, along with utilizing reverse engineers to improve your own security tools and those in our open-source community. Remember, if Cuckoo can do it, then you shouldn't have to.
