Wes Brown (Security Consultant, IOActive)

HITB Lab Title Building and Using an Automated Malware Analysis Pipeline
HITB Lab Abstract

Signature-based detection is effectively dead and obsolete, with behavioral techniques emerging. With behavioral techniques, it is useful to know the characteristics of the malware samples so that the analyst can perform taxonomy and refine detection heuristics and algorithms. But rate of malware has been increasing to a torrent with new samples and variants out in the wild, far more than what can be analyzed manually.

With so much incoming malware, it becomes vital that the pipeline be automated, so that the analyst can make informed decisions quickly, and decide whether to spend the time and money on a more rigorous manual review. Wes Brown of IOActive will present on how to build an automated malware analysis pipeline; he will discuss the virtualization platform, the guest workers that run the samples, and methodologies for gaining information such as network traces, static forensics, and automated binary analysis.

During the presentation, in this hands-on lab, attendees will be provided a Live CD to boot off of, and attendees will get to play with malware samples and a live pipeline. Attendees are strongly encouraged to bring hardware that has a DVD/CD drive and 1GB of RAM or they will not be able to participate in this workshop. The faster the computer, the better, though the LiveCD has been tested on Atom-based laptops.

About Wes Brown

Wes Brown is a long-time security practitioner who specializes in code reviews, application assessments, penetration testing, reverse engineering, and tools development.

Prior to joining IOActive as a security consultant, Wes worked for outfits such as Matasano Security, Internet Security System (now IBM¹s) X-Force Consulting team and for Accuvant as well. He conducted numerous penetration testing and application assessment engagements for clients ranging from the smallest to Fortune 500 companies. He was responsible for many of the in-house tools that helped the external assessment consulting practice succeed. He can be found at industry conferences, having spoken at Defcon and Hack in the Box in the past.