2024-07-03, 10:50–11:25 (Europe/Paris), Amphitheater
When I'm teaching reverse engineering, we cover different malware analysis approaches from static analysis up to code analysis. We don't cover the “automated” analysis part. Why? Because the training goal is to help you address malware that failed (or evaded) sandboxes. But it does not mean that automation is not interesting, it is… definitely! It's a great way to process a huge amount of malware samples and focus only on the “interesting” ones. In this talk, I'll show you how I'm doing my hunting activities, how I collect interesting samples from mail feeds and online resources, and how files are processed/stored.
In this talk, I’ll review my “hunting playground”.
Xavier Mertens is a freelance security consultant running his own company based in Belgium (Xameco). With 15+ years of experience in information security, Xavier finds “blue team” activities more attractive. Therefore, his day job focuses on protecting his customers' assets by providing services like incident handling, malware analysis, forensic investigations, log management, security visualization, and OSINT. Besides his day job, Xavier is also a Senior Handler at the SANS Internet Storm Center, Certified SANS Instructor (FOR610/FOR710), security blogger and co-organizer of the BruCON security conference.