Targeted Malware Final Form (APTrololol)

Presented at THOTCON 0x5 (2014), April 25, 2014, 5 p.m. (50 minutes)

Targeted malware is constantly evolving in an attempt to outsmart and outwit incident responders and reverse engineers. However, many pieces of malware currently being used in the field by targeted threat actors are easily reversed and understood with little to no effort. This talk presents our process for creating a more advanced "advanced persistent threat". Leveraging our experience in incident response and malware analysis, we created our own malware that attempts to thwart response efforts at every step of the process. While the subject of the talk is the malware we are writing, the audience will inevitably leave with a handful of tips and tricks from the front lines of reverse engineering and incident response.


  • Josh Schwartz / FuzzyNop as fuzzynop
    FuzzyNop is a computer who knows how to computer. As a child his computers always told him he should do computers. At his day job he’s a penetration tester, reverse engineer, and incident responder, but above all else… computer.
  • Wartortell as wartortell
    Wartortell is a computer that makes malware go backwards. He worked in binary rewriting, x86 disassembly, and binary transparency analysis. He is also really good at casting Ice Punch and going hard in the paint.