BruCON 0x0D has ended
Thursday, October 7 • 14:00 - 18:00
Advanced Memory-Based Malware Analysis: Mastering analysis of the one place malware cannot hide!


Malware continues to advance in sophistication and prevalence. Well-engineered malware can obfuscate itself from the user, the network, and even the operating system running host-based security applications. But one place malware cannot easily hide itself is within volatile computer memory (RAM).

Although an essential part of malware analysis, incident response, digital forensics, software reverse engineering, and exploit development, memory forensics is not trivial to master. In addition, many problems and inefficiencies exist within our current approach to conducting memory analysis: it takes too much time, is very labor intensive, and artifact extraction produces an overload of raw data that is not practical to work through on real-world compromised computer systems. These inefficiencies ultimately result in greater resource expenditure to conduct the analysis and in less accurate results. I have solved this problem by engineering a new construct for memory analysis, along with a new tool release, to provide advanced memory analysis, correlation, and user interaction that enhance analysis, increase accuracy, and better detect obfuscated malware.

This is a very hands-on workshop that takes an in-depth approach to malware analysis via computer memory analysis. A brand new tool and a new memory analysis construct are released to demonstrate advanced (yet easier to understand) capabilities for conducting memory analysis.

Advanced memory analysis is not easy – but it is not impossible either. This technical workshop gets the participant very comfortable with Windows internals and with advanced techniques for feature extraction and malware analysis from computer memory. We will walk through multiple analyses of real-world malware exploitation samples. Advanced malware is capable of hiding itself from the user and the operating system. This workshop reveals how to discover and extract advanced malware and rootkits directly from memory, and uses a brand new (completely open-source) tool that saves hours and hours of analysis, enhances your capabilities, and encapsulates analysis results in a very interactive user interface and report. This workshop is best suited for Software Reverse Engineers, Malware Analysts, Exploitation Developers, Digital Forensics Examiners, and Cyber Incident Responders.


Solomon Sonya

Solomon Sonya (@Carpenter1010) is an Assistant Professor of Computer Science at the United States Air Force Academy. He has a background in software development, malware analysis, covert channels, steganography, distributed computing, computer hacking, information protection paradigms...

Thursday October 7, 2021 14:00 - 18:00 CEST
05. La Trappe Novotel