Explore the intricacies of malware reverse engineering and its future implications in this 55-minute conference talk from Derbycon 2016. Delve into Brandon Young's approach to malware reverse engineering, examining current trends and future prospects in the field. Learn about automation techniques, sandbox usage, and API utilization, with a focus on practical examples such as VirusTotal integration. Witness demonstrations of NetTraveler analysis and dynamic binary instrumentation. Gain insights into debugging scripts, export table navigation, and essential wisdom for aspiring reverse engineers. Conclude with a Q&A session to address lingering questions about this complex and evolving discipline.
Overview
Syllabus
Intro
RE telling me to stop doing RE?
Who is this talk for?
Outline
My Approach to Malware RE
Today and the future...
What's actually changed?
Automating some of the things...
So how do I do it?
Sandboxes cont...
API Usage Example: VT
Demo: NetTraveler...
Dynamic Binary Instrumentation
Debugging Scripts... Demo
IMAGE_EXPORT_DIRECTORY
Walking the Export Table...
Words of wisdom
Questions?
