Targeted Malware Final Form (APTrololol)

Presented at THOTCON 0x5 (2014), April 25, 2014, 5 p.m. (50 minutes)

Targeted malware is constantly evolving in an attempt to outsmart and outwit incident responders and reverse engineers. However, many pieces of malware currently being used in the field by targeted threat actors are easily reversed and understood with little to no effort. This talk presents our process creating a more advanced "advanced persistent threat". Leveraging our experience in incident response and malware analysis, we created our own malware that attempts to thwart response efforts at every step of the process. While the subject of the talk is about the malware we are writing, the audience will inevitably leave with a handful of tips and tricks from the front lines of reverse engineering and incident response.

Presenters:

• Wartortell   as wartortell
  Wartortell is a computer that makes malware go backwards. He worked in binary rewriting, x86 disassembly, and binary transparency analysis. He is also really good at casting Ice Punch and going hard in the paint.
• Josh Schwartz / FuzzyNop   as fuzzynop
  FuzzyNop is a computer who knows how to computer. As a child his computers always told him he should do computers. At his day job he’s a penetration tester, reverse engineer, and incident responder, but above all else… computer.

Similar Presentations:

• DerbyCon 3.0 All in the Family (2013) / The Malware Management Framework, a process you can use to find advanced malware. We found WinNTI with it!
• BSidesLV 2016 / Don't Repeat Yourself: Automating Malware Incident Response for Fun and Profit
• BSidesSF 2014 / Targeted Malware Final Form (APTrololol)