Watch Out! And just skip the packer
2021-08-06, 16:30–18:00, Workshops Track 2

Analyzing malware is not an easy task. It is a slow process that becomes even more challenging with all the different protections added by threat actors to hide their secrets.

Several techniques can be used to obscure malicious code; however, the most commonly used are packers. Nowadays, almost every malicious piece of code uses a packer, so if you really want to understand its inner workings you must first defeat its packer. But do you know how to get rid of this defense without losing your mind? Well, join me and we will find out.

Malware remains one of the most effective tools used by cyber criminals to commit fraud. Long gone are the days when viruses were just jokes. And it is not me being dramatic: just look at the news and you will see that this situation is getting worse every day.

There are several reasons that make these threats successful, including but not limited to:

  • Launching a malware attack is NOT rocket science: you can find open source or leaked code on GitHub and even tutorials on YouTube.
  • They come in different flavors according to your needs, from very simple keyloggers to highly modular botnets that can be updated on the fly.
  • If you don't want to deal with technical stuff, you can even buy malware-as-a-service (and you could get 24/7 support).

For us as defenders, understanding the technical details of this type of threat is not an easy task. It requires specialized tools and skills, and even with those, be aware that bad guys will always try to obscure their creations to slow down the analysis. This sounds scary, and it is especially intimidating if it is your first time dealing with these "creatures"; but it is not the end of the world, we just need to adapt and overcome these challenges.

Join me in this workshop if you want to learn several techniques that will help you get rid of the first and most common type of defense implemented by malware to hide its secrets (packers/crypters). Let's remove their armor and see what is hidden behind!

Note: Don't forget to download, unzip and import the required VM appliance from the following link.

Malware researcher, CEH, GREM, electronics geek, IoT enthusiast, programmer, drone lover and machine learning fan. Just hunting malware for fun!