Malware Analysis: Collaboration, Automation & Training

ShmooCon IX - 2013

Presented by: Richard Harman
Date: Saturday February 16, 2013
Time: 14:00 - 14:50
Location: Regency A
Track: Build It!

Whether you're a novice or a professional at analyzing malicious code, you'll have a desire to learn or pass on that skill. Most malicious code analysis is performed by a single analyst, sometimes with collaboration tools for sharing comments on code between two or more analysts. In this presentation you will learn how to set up a virtualized analysis environment that is suitable for solo analysis, training a classroom of students, passing an analysis VM between analysts, and self-service “session” playback of previous analysis sessions. All of this while not getting in your way, and making efficient use of RAM & disk space.

Richard Harman

Richard Harman is an incident responder at SRA International's internal Security Operations Center, where he slings Perl code supporting incident response and performs analysis & reverse engineering of targeted attack malware samples. He writes and releases many Perl scripts in support of his work on GitHub at github.com/warewolf. Outside of his day job, he can be found hacking firmware on his Mini Cooper at the Nova Labs makerspace in Reston, VA.

