Malware reverse engineering challenges are a great way to keep reversing skills sharp and learn new techniques. The Flare-On Challenge is one of the most difficult and respected ones out there. Participants must complete ten unique challenges of increasing sophistication over a six-week period. Only 17 people in the US successfully completed this year's challenge, including the two of us. In this presentation, we'll familiarize reversers and non-reversers alike with how to approach challenge problems, and arm them with tools and tricks to successfully solve the types of problems they regularly see. These techniques not only helped solve this year's Flare-On problems, but more importantly, have real-world applicability. Many of the tools and techniques needed to complete the Flare-On challenge are key to understanding and reversing actual sophisticated malware, such as those used by APTs. We'll walk through how we solved several of the most relevant and creative challenges, providing the audience unique reversing insights that can help both experienced reversers and non-reversers augment their skill sets.
Blaine has years of experience reverse engineering, which he has applied to analyzing malicious binaries, including those of APTs. He came to Endgame after working for the DoD where he developed a diverse cybersecurity background including, but not limited to, reverse-engineering and malware analysis. He recently was one of the few who successfully completed the Flare-On Challenge, knocking out each of the ten reverse engineering challenges. He attended The University of North Carolina at Chapel Hill where he obtained both his Bachelor's and Master's in Computer Science. During graduate school Blaine researched and developed a method for finding ROP payloads via static memory analysis.
Josh is a Vulnerability Researcher at Endgame where he works on the R&D team. Prior to joining Endgame, Josh was a Security Consultant at NCC Group where he performed source code auditing and penetration testing for clients to improve the security posture of their products. Outside of work, Josh enjoys playing Capture-the-Flag (CTF) competitions and researching system-level security issues on multiple platforms.