SlideShare ist ein Scribd-Unternehmen logo

Dissecting the Hack: Malware Analysis 101

Rochester Security Summit
Rochester Security Summit

Dissecting the Hack: Malware Analysis 101 is designed to be an introduction into the world of malware analysis. This presentation will begin with a brief 5 to 10 minute introduction to some malware analysis theory, followed by a live demonstration that will take the audience through an in-depth behavioral and code analysis of a select piece of malware. This demonstration will include techniques using free open source tools such as detecting packers and unpacking, file and registry analysis, and in depth code analysis. Gerry Brunnelle, System Security Engineer, Boeing Gerry Brunelle is currently a System Security Engineer for Boeing in the Washington, D.C. area. He is also currently a candidate for a MS in Computer Security and Information Assurance from RIT and has a BS in Network and System Administration from RIT. He has participated in various security groups and competitions, and designed and ran the Capture the Flag event for the Rochester Security Summit in 2009.

Technologie
1 von 11
Downloaden Sie, um offline zu lesen
Dissecting the Hack Malware Analysis 101 Sunday, September 19, 2010
Who am I? Gerry Brunelle System Security Engineer for Boeing Sunday, September 19, 2010
What were covering Malware 101 Analysis 101 evil.exe Sunday, September 19, 2010
Malware 101 So..what is malware? A piece of software that accesses a computer secretly without the owners consent Some types are viruses, rootkits, and trojans Are designed to do almost anything Sunday, September 19, 2010
Malware 101 How does malware affect you? Steals information from your systems Compromises integrity of you data Cripples networks Sunday, September 19, 2010
Analysis 101 2 Types Behavioral analysis Code analysis Sunday, September 19, 2010
Analysis 101 Behavioral analysis What the malware does File creation/modification Network activity Registry activity Sunday, September 19, 2010
Analysis 101 Code analysis What you can’t observe Code characteristics Packing/unpacking Embedded information Sunday, September 19, 2010
Our scenario User calls stating their machine is slow Escalated to L2 support for on-site On-site tech observes odd behavior evil.exe running Connected to port 1337 somewhere Tech refers case to Security Operations Center Sunday, September 19, 2010
Our Scenario SOC CIRT Team mobilized They are now observing multiple infections Estimated infections at ~1000 Traffic is now crippling traffic at the border Have received evil.exe for analysis Sunday, September 19, 2010
Our scenario Time to do some hacking... Sunday, September 19, 2010

Empfohlen

3 Most Common Threats Of Information Security
3 Most Common Threats Of Information Security3 Most Common Threats Of Information Security
3 Most Common Threats Of Information Security
Ana Meskovska
 
Web Servers
Web ServersWeb Servers
Web Servers
webhostingguy
 
Computer Security
Computer SecurityComputer Security
Computer Security
Frederik Questier
 
Software theft
Software theftSoftware theft
Software theft
chrispaul8676
 
Hacking
HackingHacking
Hacking
powerpointking1
 
IoT Device Security Tips
IoT Device Security TipsIoT Device Security Tips
IoT Device Security Tips
Centextech
 
Computer , Internet and physical security.
Computer , Internet and physical security.Computer , Internet and physical security.
Computer , Internet and physical security.
Ankur Kumar
 
Computer security overview
Computer security overviewComputer security overview
Computer security overview
CAS
 

Empfohlen

3 Most Common Threats Of Information Security
3 Most Common Threats Of Information Security3 Most Common Threats Of Information Security
3 Most Common Threats Of Information Security
Ana Meskovska
 
Web Servers
Web ServersWeb Servers
Web Servers
webhostingguy
 
Computer Security
Computer SecurityComputer Security
Computer Security
Frederik Questier
 
Software theft
Software theftSoftware theft
Software theft
chrispaul8676
 
Hacking
HackingHacking
Hacking
powerpointking1
 
IoT Device Security Tips
IoT Device Security TipsIoT Device Security Tips
IoT Device Security Tips
Centextech
 
Computer , Internet and physical security.
Computer , Internet and physical security.Computer , Internet and physical security.
Computer , Internet and physical security.
Ankur Kumar
 
Computer security overview
Computer security overviewComputer security overview
Computer security overview
CAS
 
Computer Security
Computer SecurityComputer Security
Computer Security
William Mann
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Aditya Vikram Singhania
 
Computer security basics
Computer security basicsComputer security basics
Computer security basics
Srinu Potnuru
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Rishabha Garg
 
Computer security
Computer securityComputer security
Computer security
Shashi Chandra
 
Computer security and
Computer security andComputer security and
Computer security and
Rana Usman Sattar
 
Introduction of computer security
Introduction of computer securityIntroduction of computer security
Introduction of computer security
SoundaryaB2
 
1 security goals
1 security goals1 security goals
1 security goals
drewz lin
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Sourabh Goyal
 
System vulnerability and abuse
System vulnerability and abuseSystem vulnerability and abuse
System vulnerability and abuse
Prakash Raval
 
Digital Security Slide Show
Digital Security Slide ShowDigital Security Slide Show
Digital Security Slide Show
zed_o07
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measures
Dnyaneshwar Beedkar
 
Securing Devices at Home
Securing Devices at HomeSecuring Devices at Home
Securing Devices at Home
Symptai Consulting Limited
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks Shelly
Adeel Khurram
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5
CAS
 
Computer security
Computer securityComputer security
Computer security
EktaVaswani2
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer security
Arzath Areeff
 
Free Libre Open Source Software Development
Free Libre Open Source Software DevelopmentFree Libre Open Source Software Development
Free Libre Open Source Software Development
Frederik Questier
 
"Using cryptolockers as a cyber weapon", Alexander Adamov
"Using cryptolockers as a cyber weapon", Alexander Adamov"Using cryptolockers as a cyber weapon", Alexander Adamov
"Using cryptolockers as a cyber weapon", Alexander Adamov
HackIT Ukraine
 
Kernel.org Hacked & Rooted
Kernel.org Hacked & RootedKernel.org Hacked & Rooted
Kernel.org Hacked & Rooted
Intizone @ Blogging Zone
 
network security lec2 ccns
network security lec2 ccnsnetwork security lec2 ccns
network security lec2 ccns
Danish Mahmood
 
Computer security
Computer securityComputer security
Computer security
INGAMULE SIRAJI
 

Weitere ähnliche Inhalte

Was ist angesagt?

Computer security basics
Computer security basicsComputer security basics
Computer security basics
Srinu Potnuru
 
1 security goals
1 security goals1 security goals
1 security goals
drewz lin
 

Was ist angesagt? (20)

Computer Security
Computer SecurityComputer Security
Computer Security
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Computer security basics
Computer security basicsComputer security basics
Computer security basics
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Computer security
Computer securityComputer security
Computer security
 
Computer security and
Computer security andComputer security and
Computer security and
 
Introduction of computer security
Introduction of computer securityIntroduction of computer security
Introduction of computer security
 
1 security goals
1 security goals1 security goals
1 security goals
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
System vulnerability and abuse
System vulnerability and abuseSystem vulnerability and abuse
System vulnerability and abuse
 
Digital Security Slide Show
Digital Security Slide ShowDigital Security Slide Show
Digital Security Slide Show
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measures
 
Securing Devices at Home
Securing Devices at HomeSecuring Devices at Home
Securing Devices at Home
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks Shelly
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5
 
Computer security
Computer securityComputer security
Computer security
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer security
 
Free Libre Open Source Software Development
Free Libre Open Source Software DevelopmentFree Libre Open Source Software Development
Free Libre Open Source Software Development
 
"Using cryptolockers as a cyber weapon", Alexander Adamov
"Using cryptolockers as a cyber weapon", Alexander Adamov"Using cryptolockers as a cyber weapon", Alexander Adamov
"Using cryptolockers as a cyber weapon", Alexander Adamov
 
Kernel.org Hacked & Rooted
Kernel.org Hacked & RootedKernel.org Hacked & Rooted
Kernel.org Hacked & Rooted
 

Ähnlich wie Dissecting the Hack: Malware Analysis 101

SEC 573 Project 1 2.22.15
SEC 573 Project 1 2.22.15SEC 573 Project 1 2.22.15
SEC 573 Project 1 2.22.15
haney888
 
Ch02 System Threats and Risks
Ch02 System Threats and RisksCh02 System Threats and Risks
Ch02 System Threats and Risks
Information Technology
 

Ähnlich wie Dissecting the Hack: Malware Analysis 101 (20)

network security lec2 ccns
network security lec2 ccnsnetwork security lec2 ccns
network security lec2 ccns
 
Computer security
Computer securityComputer security
Computer security
 
Presentation on IOT SECURITY
Presentation on IOT SECURITYPresentation on IOT SECURITY
Presentation on IOT SECURITY
 
Security
SecuritySecurity
Security
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
Computer and Network Security
Computer and Network SecurityComputer and Network Security
Computer and Network Security
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
COMPUTER NETWORKS IOT BASED.pptx
COMPUTER NETWORKS IOT BASED.pptxCOMPUTER NETWORKS IOT BASED.pptx
COMPUTER NETWORKS IOT BASED.pptx
 
SEC 573 Project 1 2.22.15
SEC 573 Project 1 2.22.15SEC 573 Project 1 2.22.15
SEC 573 Project 1 2.22.15
 
Microcontroller mayhem - ECTF & USSS 2011
Microcontroller mayhem - ECTF & USSS 2011Microcontroller mayhem - ECTF & USSS 2011
Microcontroller mayhem - ECTF & USSS 2011
 
Information Security - A Discussion
Information Security - A DiscussionInformation Security - A Discussion
Information Security - A Discussion
 
Emerging Threats to Infrastructure
Emerging Threats to InfrastructureEmerging Threats to Infrastructure
Emerging Threats to Infrastructure
 
Computer security
Computer securityComputer security
Computer security
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Security
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
mypresentation.pdf
mypresentation.pdfmypresentation.pdf
mypresentation.pdf
 
Ch02 System Threats and Risks
Ch02 System Threats and RisksCh02 System Threats and Risks
Ch02 System Threats and Risks
 
IoT Security.pdf
IoT Security.pdfIoT Security.pdf
IoT Security.pdf
 
A Quick Guide On What Is IoT Security_.pptx
A Quick Guide On What Is IoT Security_.pptxA Quick Guide On What Is IoT Security_.pptx
A Quick Guide On What Is IoT Security_.pptx
 

Mehr von Rochester Security Summit

IPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be IgnoredIPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be Ignored
Rochester Security Summit
 
Radio Reconnaissance in Penetration Testing
Radio Reconnaissance in Penetration TestingRadio Reconnaissance in Penetration Testing
Radio Reconnaissance in Penetration Testing
Rochester Security Summit
 
Real Business Threats!
Real Business Threats!Real Business Threats!
Real Business Threats!
Rochester Security Summit
 
Dealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleDealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation Style
Rochester Security Summit
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
Rochester Security Summit
 
Maximizing ROI through Security Training (for Developers)
Maximizing ROI through Security Training (for Developers)Maximizing ROI through Security Training (for Developers)
Maximizing ROI through Security Training (for Developers)
Rochester Security Summit
 
GRC– The Way Forward
GRC– The Way ForwardGRC– The Way Forward
GRC– The Way Forward
Rochester Security Summit
 
A Plan to Control and Protect Data in the Private and Public Cloud
A Plan to Control and Protect Data in the Private and Public CloudA Plan to Control and Protect Data in the Private and Public Cloud
A Plan to Control and Protect Data in the Private and Public Cloud
Rochester Security Summit
 
Finding Patterns in Data Breaches
Finding Patterns in Data BreachesFinding Patterns in Data Breaches
Finding Patterns in Data Breaches
Rochester Security Summit
 
State Data Breach Laws - A National Patchwork Quilt
State Data Breach Laws - A National Patchwork QuiltState Data Breach Laws - A National Patchwork Quilt
State Data Breach Laws - A National Patchwork Quilt
Rochester Security Summit
 
It's All About the Data!
It's All About the Data!It's All About the Data!
It's All About the Data!
Rochester Security Summit
 
You Know You Need PCI Compliance Help When…
You Know You Need PCI Compliance Help When…You Know You Need PCI Compliance Help When…
You Know You Need PCI Compliance Help When…
Rochester Security Summit
 
A Security Testing Methodology that Fits Every IT Budget
A Security Testing Methodology that Fits Every IT BudgetA Security Testing Methodology that Fits Every IT Budget
A Security Testing Methodology that Fits Every IT Budget
Rochester Security Summit
 
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...Business Impact and Risk Assessments in Business Continuity and Disaster Reco...
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...
Rochester Security Summit
 
Firewall Defense against Covert Channels
Firewall Defense against Covert Channels Firewall Defense against Covert Channels
Firewall Defense against Covert Channels
Rochester Security Summit
 

Mehr von Rochester Security Summit (16)

IPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be IgnoredIPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be Ignored
 
Radio Reconnaissance in Penetration Testing
Radio Reconnaissance in Penetration TestingRadio Reconnaissance in Penetration Testing
Radio Reconnaissance in Penetration Testing
 
Real Business Threats!
Real Business Threats!Real Business Threats!
Real Business Threats!
 
Dealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleDealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation Style
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
Maximizing ROI through Security Training (for Developers)
Maximizing ROI through Security Training (for Developers)Maximizing ROI through Security Training (for Developers)
Maximizing ROI through Security Training (for Developers)
 
GRC– The Way Forward
GRC– The Way ForwardGRC– The Way Forward
GRC– The Way Forward
 
A Plan to Control and Protect Data in the Private and Public Cloud
A Plan to Control and Protect Data in the Private and Public CloudA Plan to Control and Protect Data in the Private and Public Cloud
A Plan to Control and Protect Data in the Private and Public Cloud
 
Finding Patterns in Data Breaches
Finding Patterns in Data BreachesFinding Patterns in Data Breaches
Finding Patterns in Data Breaches
 
State Data Breach Laws - A National Patchwork Quilt
State Data Breach Laws - A National Patchwork QuiltState Data Breach Laws - A National Patchwork Quilt
State Data Breach Laws - A National Patchwork Quilt
 
It's All About the Data!
It's All About the Data!It's All About the Data!
It's All About the Data!
 
You Know You Need PCI Compliance Help When…
You Know You Need PCI Compliance Help When…You Know You Need PCI Compliance Help When…
You Know You Need PCI Compliance Help When…
 
A Security Testing Methodology that Fits Every IT Budget
A Security Testing Methodology that Fits Every IT BudgetA Security Testing Methodology that Fits Every IT Budget
A Security Testing Methodology that Fits Every IT Budget
 
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...Business Impact and Risk Assessments in Business Continuity and Disaster Reco...
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...
 
Losing Control to the Cloud
Losing Control to the CloudLosing Control to the Cloud
Losing Control to the Cloud
 
Firewall Defense against Covert Channels
Firewall Defense against Covert Channels Firewall Defense against Covert Channels
Firewall Defense against Covert Channels
 

Kürzlich hochgeladen

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Kürzlich hochgeladen (20)

ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 

Dissecting the Hack: Malware Analysis 101

  • 1. Dissecting the Hack Malware Analysis 101 Sunday, September 19, 2010
  • 2. Who am I? Gerry Brunelle System Security Engineer for Boeing Sunday, September 19, 2010
  • 3. What were covering Malware 101 Analysis 101 evil.exe Sunday, September 19, 2010
  • 4. Malware 101 So..what is malware? A piece of software that accesses a computer secretly without the owners consent Some types are viruses, rootkits, and trojans Are designed to do almost anything Sunday, September 19, 2010
  • 5. Malware 101 How does malware affect you? Steals information from your systems Compromises integrity of you data Cripples networks Sunday, September 19, 2010
  • 6. Analysis 101 2 Types Behavioral analysis Code analysis Sunday, September 19, 2010
  • 7. Analysis 101 Behavioral analysis What the malware does File creation/modification Network activity Registry activity Sunday, September 19, 2010
  • 8. Analysis 101 Code analysis What you can’t observe Code characteristics Packing/unpacking Embedded information Sunday, September 19, 2010
  • 9. Our scenario User calls stating their machine is slow Escalated to L2 support for on-site On-site tech observes odd behavior evil.exe running Connected to port 1337 somewhere Tech refers case to Security Operations Center Sunday, September 19, 2010
  • 10. Our Scenario SOC CIRT Team mobilized They are now observing multiple infections Estimated infections at ~1000 Traffic is now crippling traffic at the border Have received evil.exe for analysis Sunday, September 19, 2010
  • 11. Our scenario Time to do some hacking... Sunday, September 19, 2010