lauriewired | 1 year ago

https://www.youtube.com/@lauriewired

I talk about Reverse Engineering/Malware Research, Computing History, and low level programming.

mettamage | 1 year ago

How did you get into reverse engineering?

I had a couple of courses in Amsterdam (from VUSEC), but never really pursued it afterwards. It's fun, but I couldn't imagine doing it full-time.

lauriewired | 1 year ago

Work + personal research. The main industry use case for RE is malware analysis.

The flow is essentially:

1. Break down a sample to determine behavior; this is usually a mixture of static (decompilation) and dynamic (running the sample in a safe env w/ a debugger) analysis.

2. Write a signature / detection based on unique identifiers you discover inside the payload. This is where the real skill comes in; being extremely clever with Regex is helpful here.

It's a tricky game to keep up with malware developers. Write a signature too specific, and all they have to do is recompile with a few string changes to defeat you. Conversely, if a detection is too broad, you run the risk of detecting benign software (aka a False Positive or FP).
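The specificity trade-off described in the comment above, as an added example that is not part of the thread: three constructed byte strings stand in for an original sample, a recompiled variant with a few strings changed, and a benign updater; the API name, URL paths, `.invalid` hostnames and rule patterns are all invented for illustration.

```python
import re

# Constructed stand-ins for file contents (not real binaries). The variant is
# the "recompile with a few string changes" case: same behavior, new C2 host
# and new key. The benign updater shares the generic API name only.
MALICIOUS = {
    "original": (b"MZ\x90\x00 kernel32.dll CreateRemoteThread "
                 b"GET /beacon?id=1a2b3c4d HTTP/1.1 Host: c2-one.invalid "
                 b"XOR_KEY_0x5A"),
    "variant":  (b"MZ\x90\x00 kernel32.dll CreateRemoteThread "
                 b"GET /beacon?id=9f8e7d6c HTTP/1.1 Host: cdn-two.invalid "
                 b"XOR_KEY_0x3C"),
}
BENIGN = {
    "updater": (b"MZ\x90\x00 kernel32.dll CreateRemoteThread "
                b"GET /check?ver=2 HTTP/1.1 Host: updates.invalid"),
}

# Each rule is a list of byte regexes that must ALL match (AND semantics).
RULES = {
    # Keys off one literal the author can change at will: brittle.
    "too_specific": [rb"Host: c2-one\.invalid"],
    # Keys off a common API name alone: catches benign software too.
    "too_broad": [rb"CreateRemoteThread"],
    # Combines a behavior marker with structural (not literal) artifacts of
    # the payload: survives string swaps, still excludes the updater.
    "balanced": [rb"CreateRemoteThread",
                 rb"/beacon\?id=[0-9a-f]{8}",
                 rb"XOR_KEY_0x[0-9A-F]{2}"],
}


def rule_matches(patterns, sample):
    """True only if every pattern in the rule is found in the sample."""
    return all(re.search(p, sample) for p in patterns)


def evaluate(rules, malicious, benign):
    """Report, per rule, which malicious samples it detects or misses and
    which benign samples it wrongly flags (false positives)."""
    report = {}
    for name, patterns in rules.items():
        hit = lambda s: rule_matches(patterns, s)
        report[name] = {
            "detected": sorted(k for k, s in malicious.items() if hit(s)),
            "missed": sorted(k for k, s in malicious.items() if not hit(s)),
            "false_positives": sorted(k for k, s in benign.items() if hit(s)),
        }
    return report


if __name__ == "__main__":
    for rule, outcome in evaluate(RULES, MALICIOUS, BENIGN).items():
        print(rule, outcome)
```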