Analyzing Malware... By Creating It

Presented at Kernelcon 2023, April 15, 2023, 1:30 p.m. (60 minutes)

Often, malware analysis is taught by wading knee deep in obfuscated code. Most beginners haven’t developed the “spidey-sense” that allows them to separate the signal from the noise, leading to frustration and slow progress. This talk is intended as an introduction to malware analysis on Windows and will walk through patterns in script and binary based malware using small “toy” examples, red team frameworks, and in-the-wild samples.

Presenters:

• Zack Fink - Red Canary
  Zack is a Senior Incident Handler at Red Canary where he helps customers of all sizes respond to threats. When not in front of a keyboard, he's often found trudging through the frozen tundra of the Upper Midwest, occasionally on horseback.

Similar Presentations:

• ekoparty 14 (2018) / To Execute or Not to Execute. How to Build a Malware Execution Lab
• Black Hat USA 2012 / Flowers for Automated Malware Analysis
• DerbyCon 3.0 All in the Family (2013) / The Malware Management Framework, a process you can use to find advanced malware. We found WinNTI with it!