Wes Brown (Security Consultant, IOActive)

Presentation Title: So You Want to Analyze Malware?
Presentation Abstract:

Malware is a broad category of ‘malicious’ software that covers trojans, viruses, worms, rootkits, and other software that steals information or subverts computers for unintended purposes. There are many reasons why one would want to analyze malware, ranging from a professional interest in defending networks against it to a personal fascination with the techniques involved in crafting it.

Whatever one’s reason for analyzing malware, Wes Brown of IOActive will share many of the techniques that he has used over the course of his career, both on client incident response engagements and as a full-time analyst on a heuristic detection product.

Many might think that the techniques are dominated by methods such as reverse engineering and binary analysis, and indeed these are a major part of any analyst’s toolkit. However, statistical analysis and static forensics can often play just as key a role, combined with scripting, systems management, and data warehousing.

Wes will describe and show examples of such techniques, as well as supporting tools. The emphasis will be on doing this with low cost or free tools, so that an audience member can get up and running quickly with malware analysis even on a shoestring budget.

About Wes

Wes Brown is a long-time network security practitioner who specializes in code reviews, application assessments, penetration testing, reverse engineering, and tools development.

Prior to joining IOActive as a security consultant, Wes worked for outfits such as Matasano Security, Internet Security Systems’ (now IBM’s) X-Force Consulting team, and Accuvant. He conducted numerous penetration testing and application assessment engagements for clients ranging from the smallest to Fortune 500 companies. He was responsible for many of the in-house tools that helped the external assessment consulting practice succeed. He can be found at industry conferences, having spoken at Defcon and Hack in the Box in the past.