Comparing Malicious Files

BSidesDE 2018

Presented by: Robert Simmons
Date: Friday November 09, 2018
Time: 13:00 - 13:50
Location: Track 2

A critical step in the malware analysis process is attempting to determine which malware family a sample belongs to. Even when a file cannot be linked to a known family, the analyst should at least try to find similar files and extrapolate information about the sample by comparing it with them. This talk reviews a variety of methods for comparing files, ranging from simple to complex.

Audience: Malware analysts, researchers, and incident responders with moderate experience

Robert Simmons

Robert Simmons is an independent malware researcher. With expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis at many of the top security conferences, including DEFCON, HOPE, botconf, and DerbyCon, among others. Robert is also a maintainer of plyara, a YARA rule parser written in pure Python. Robert, also known as Utkonos, has a background in biology, linguistics, and Russian area studies. He has lived extensively in Russia and Ukraine and has been known to swear profusely and constantly in Russian.
