Dissecting the Hack: Malware Analysis 101
-
Upload
rochester-security-summit -
Category
Technology
-
view
777 -
download
1
description
Transcript of Dissecting the Hack: Malware Analysis 101
Dissecting the HackMalware Analysis 101
Sunday, September 19, 2010
Who am I?
Gerry Brunelle
System Security Engineer for Boeing
Sunday, September 19, 2010
What were covering
Malware 101
Analysis 101
evil.exe
Sunday, September 19, 2010
Malware 101
So..what is malware?
A piece of software that accesses a computer secretly without the owners consent
Some types are viruses, rootkits, and trojans
Are designed to do almost anything
Sunday, September 19, 2010
Malware 101
How does malware affect you?
Steals information from your systems
Compromises integrity of you data
Cripples networks
Sunday, September 19, 2010
Analysis 101
2 Types
Behavioral analysis
Code analysis
Sunday, September 19, 2010
Analysis 101
Behavioral analysis
What the malware does
File creation/modification
Network activity
Registry activity
Sunday, September 19, 2010
Analysis 101
Code analysis
What you can’t observe
Code characteristics
Packing/unpacking
Embedded information
Sunday, September 19, 2010
Our scenario
User calls stating their machine is slow
Escalated to L2 support for on-site
On-site tech observes odd behavior
evil.exe running
Connected to port 1337 somewhere
Tech refers case to Security Operations Center
Sunday, September 19, 2010
Our Scenario
SOC CIRT Team mobilized
They are now observing multiple infections
Estimated infections at ~1000
Traffic is now crippling traffic at the border
Have received evil.exe for analysis
Sunday, September 19, 2010
Our scenario
Time to do some hacking...
Sunday, September 19, 2010