Malware Analysis: Collaboration, Automation & Training

Presented at ShmooCon IX (2013).

Whether you're a novice or a professional at analyzing malicious code, you'll have a desire to learn or pass on that skill. Most malicious code analysis is performed by a single analyst, sometimes with collaboration tools for sharing comments on code between two or more analysts. In this presentation you will learn how to set up a virtualized analysis environment that is suitable for solo analysis, training a classroom of students, passing an analysis VM between analysts, and a self-service analysis "session" playback of previous analysis sessions. All of this while not getting in your way, and making efficient use of RAM & disk space.

Presenters:

  • Richard Harman
    Richard Harman is an incident responder at SRA International's internal Security Operations Center, where he slings Perl code supporting incident response and performs analysis & reverse engineering of targeted attack malware samples. He writes and releases many Perl scripts in support of his work on GitHub at github.com/warewolf. Outside of his day job, he can be found hacking firmware on his Mini Cooper at the Nova Labs makerspace in Reston, VA.
