Tricks for the Triage of Adversarial Software
2021-08-07, 11:00–12:30, Workshops Track 1

A malware analysis and triage workshop covering quick static and dynamic analysis techniques along with common adversarial obfuscation techniques. Followed by a short malware analysis tournament challenge with gift-card prizes.

The workshop will cover techniques outlined in Malware Analysis Techniques (Published by Packt), written and delivered by myself, Dylan Barker, and the Technical Reviewer Quinten Bowen.

We'll examine ways to de-obfuscate common malicious scripts and droppers utilized in real-world attacks by threat actors such as those responsible for DarkSide ransomware and Emotet Banking Trojan threats.

Also covered will be ascertaining the capabilities and instruction flow of malware within NSA's Ghidra framework, crafting IOCs based on PE characteristics, and advanced dynamic analysis techniques including utilizing tools such as Inetsim, ProcDot, and manually unpacking malicious samples using debuggers to closely examine them without obfuscation.

The second half of the workshop will revolve around utilizing these techniques to answer questions, which will be scored on time and accuracy utilizing a CTF framework.

Dylan Barker is a technology professional with 10 years' experience in the information security space, in industries ranging from K12 and telecom to financial services. He has held many distinct roles, from security infrastructure engineering to vulnerability management. In the past, he has spoken at BSides events and has written articles for CrowdStrike, where he is currently employed as a senior analyst.

Quinten Bowen is an Information Security Professional who works as a Senior Analyst at CrowdStrike. Additionally, Quinten has expertise in malware analysis, penetration testing, threat hunting, and incident response in enterprise environments, holding relevant certifications such as GREM, OSCP, eCPPT, and eCMAP. Quinten spends his off-time volunteering for the Collegiate Cyber Defense Competition (CCDC), mentoring, and can be found around a table playing D&D.