Learning how to Machine Learn - Classifying MachO Malware

Presented at Objective by the Sea version 5.0 (2022), Oct. 6, 2022, 3:25 p.m. (25 minutes).

When we're investigating a large quantity of potentially malicious samples every day, it can be helpful to automatically triage them to know what to put in front of an analyst. Sometimes we can check external sources like Virus Total, but other times we have sensitive samples we can't submit or hashes are not found. Machine learning is one way to bucket Mach-O files as malicious or benign, or packed or not. \n\n In this talk, we'll walk through the steps to collect data and build a malware classification model for Mach-O using static analysis techniques.

Presenters:

• Kimo Bumanglag - Senior Security Engineer at Amazon
  Kimo is a senior security engineer at Amazon. As part of the Consumer Security Threat Intelligence team, he helps protect Amazon's customers by proactively identifying threats and malicious actors. \n\n He is also a cyber warfare officer with the Maryland Air National Guard and a lecturer at the Johns Hopkins University.

Links:

• https://objectivebythesea.org/v5/talks.html#Speaker_17
• https://infocon.org/cons/Objective by the Sea/Objective by the Sea 5 2023/Learning how to Machine Learn - Classifying MachO Malware - Kimo Bumanglag.mp4
• https://infocon.org/cons/Objective by the Sea/Objective by the Sea 5 2023/Learning how to Machine Learn - Classifying MachO Malware - Kimo Bumanglag.eng.srt (subtitles)
• https://www.youtube.com/watch?v=59RtyIjyRuQ

Similar Presentations:

• ToorCon: Seattle 2008 / Malware Classification using Machine Learning
• VB2016 / Automatic Classifying of Mac OS X Samples
• DEF CON 32 (2024) / Master Class: Hands-On Machine Learning to Enhance Malware Analysis, Classification, and Detection Workshop