Overview
This course teaches learners how to extract intelligence from malware repositories by identifying connections between different malware creators. It covers formal program analysis, data mining, identifying shared code among malware samples, and overcoming malware deceptions such as polymorphic packing, combining formal program analysis with data mining techniques throughout. It is intended for cybersecurity professionals interested in leveraging malware repositories for threat intelligence and trend analysis.
Syllabus
Introduction
Welcome
Cybersecurity Disconnect
Jeff Moss
The economics of developing malware
Finding connections between malware
Google for Malware
The Challenge
VM Inversion
Semantic Fingerprint
Code Obfuscation
Code Normalization
Map to Code
Semantic Juice
Creating Indexes
Architecture
Results
Case Study
Unpacking
True Intelligence
Semantic Hashing
The beauty of semantic hashes
The impact of semantic hashes
Evolution of a malware family
Summary
Questions
Taught by
Black Hat