Overview
Explore the untapped potential of malware repositories for intelligence gathering in this 55-minute Black Hat conference talk. Delve into methods for recovering connections between malware samples despite the obfuscation and packing their authors use to hide those connections. Learn about a scalable approach that combines formal program analysis with data mining to search large-scale repositories for forensic evidence. Discover VirusBattle, a cloud-based malware analysis web service, and examine the empirical evidence that mining malware repositories yields meaningful insights. Gain an understanding of semantic fingerprinting, code normalization, and semantic hashing, and of how they make it possible to track the evolution of a malware family and to draw connections between seemingly unrelated cyber attacks.
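To make concrete what code normalization followed by hashing buys you, and where a purely syntactic normalization stops short of a semantic fingerprint, here is an added Python example. It is not VirusBattle's code and not the method presented in the talk; the three x86 listings are constructed for this page, and the normalization rules (register renaming by first use, immediate masking, one zeroing-idiom rewrite) and the function names are assumptions made here for illustration. Two variants that differ only in register allocation, constants and a zeroing idiom collapse to one hash; a third that merely reorders two independent instructions does not, which is the kind of gap a semantics-based fingerprint is meant to close.

```python
import hashlib
import re

# Constructed sample listings (not real malware). A and B compute the same thing
# with different registers, different constants, and "xor r,r" vs "mov r,0".
# C is also equivalent, but two independent instructions are swapped.
VARIANT_A = [
    "push ebp",
    "mov ebp, esp",
    "xor eax, eax",
    "mov ecx, 0x10",
    "add eax, [ebp+0x8]",
    "sub ecx, 1",
    "pop ebp",
    "ret",
]
VARIANT_B = [
    "push ebp",
    "mov ebp, esp",
    "mov ebx, 0",
    "mov edx, 0x20",
    "add ebx, [ebp+0xc]",
    "sub edx, 1",
    "pop ebp",
    "ret",
]
VARIANT_C = [
    "push ebp",
    "mov ebp, esp",
    "mov ecx, 0x10",
    "xor eax, eax",
    "add eax, [ebp+0x8]",
    "sub ecx, 1",
    "pop ebp",
    "ret",
]

# 32-bit general-purpose registers and their 16/8-bit aliases (illustrative subset).
REG_RE = re.compile(r"\b(e?[abcd]x|e?[sd]i|e?[sb]p|[abcd][lh])\b")
IMM_RE = re.compile(r"\b(0x[0-9a-fA-F]+|\d+)\b")


def canonicalize_idioms(insn):
    # Peephole rule (assumption for this example): "xor R, R" zeroes R,
    # so rewrite it to the equivalent "mov R, 0" before any masking.
    m = re.fullmatch(r"xor (\w+), (\w+)", insn)
    if m and m.group(1) == m.group(2):
        return f"mov {m.group(1)}, 0"
    return insn


def normalize_function(insns):
    """Return the listing with immediates masked and registers renamed R0, R1, ...
    in order of first appearance, so register allocation no longer matters
    but the dataflow pattern between instructions is preserved."""
    regmap = {}
    out = []

    def rename(m):
        reg = m.group(0)
        if reg not in regmap:
            regmap[reg] = f"R{len(regmap)}"
        return regmap[reg]

    for insn in insns:
        insn = canonicalize_idioms(insn.strip().lower())
        insn = IMM_RE.sub("IMM", insn)   # mask constants first (no digits left)
        insn = REG_RE.sub(rename, insn)  # then rename registers
        out.append(insn)
    return out


def _digest(lines):
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()


def raw_hash(insns):
    """Hash of the listing as disassembled: any register or constant change breaks it."""
    return _digest([i.strip().lower() for i in insns])


def normalized_hash(insns):
    """Hash of the normalized listing: survives register and constant changes."""
    return _digest(normalize_function(insns))


def build_index(samples):
    """Group sample names by normalized hash, the simplest form of a
    'find everything that looks like this' index over a repository."""
    index = {}
    for name, insns in samples.items():
        index.setdefault(normalized_hash(insns), []).append(name)
    return index


if __name__ == "__main__":
    idx = build_index({"A": VARIANT_A, "B": VARIANT_B, "C": VARIANT_C})
    for h, names in idx.items():
        print(h[:16], names)
```

Register renaming by first use rather than a single REG token keeps "add R2, [R0+IMM]" distinct from "add R0, [R2+IMM]", which is what lets the hash still say something about the code's structure. Variant C shows the limit: instruction reordering, dead-code insertion and other obfuscations that leave the semantics untouched change the syntactic hash, so matching across them needs a fingerprint derived from what the code computes rather than from the instruction text.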
Syllabus
Introduction
Welcome
Cybersecurity Disconnect
Jeff Moss
The economics of developing malware
Finding connections between malware
Google for Malware
The Challenge
VM Inversion
Semantic Fingerprint
Code Obfuscation
Code Normalization
Map to Code
Semantic Juice
Creating Indexes
Architecture
Results
Case Study
Unpacking
True Intelligence
Semantic Hashing
The beauty of semantic hashes
The impact of semantic hashes
Evolution of a malware family
Summary
Questions
Taught by
Black Hat