Page 1: Dissecting the Hack: Malware Analysis 101

Dissecting the Hack: Malware Analysis 101

Sunday, September 19, 2010


Who am I?

Gerry Brunelle

System Security Engineer for Boeing


What we're covering

Malware 101

Analysis 101

evil.exe


Malware 101

So... what is malware?

A piece of software that accesses a computer secretly without the owner's consent

Some types are viruses, rootkits, and trojans

Are designed to do almost anything


Malware 101

How does malware affect you?

Steals information from your systems

Compromises the integrity of your data

Cripples networks


Analysis 101

Two types

Behavioral analysis

Code analysis


Analysis 101

Behavioral analysis

What the malware does

File creation/modification

Network activity

Registry activity


Analysis 101

Code analysis

What you can’t observe

Code characteristics

Packing/unpacking

Embedded information


Our scenario

User calls stating their machine is slow

Escalated to L2 support for on-site

On-site tech observes odd behavior

evil.exe running

Connected to port 1337 somewhere

Tech refers case to Security Operations Center


Our Scenario

SOC CIRT Team mobilized

They are now observing multiple infections

Estimated infections at ~1000

Malware traffic is now crippling the network at the border

Have received evil.exe for analysis
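A small behavioural-analysis script for the scenario's network activity (an added example, not code from the slides): it parses constructed connection log lines, treats evil.exe talking to port 1337 as the indicator, and reports the distinct infected hosts and the destinations they reach. The log format, host names and addresses are assumptions made up for the example.

```python
# Added example, not from the slides: first-pass triage of the scenario's
# network activity. Given connection log lines from many hosts, count how
# many distinct hosts have evil.exe talking to port 1337 and where that
# traffic goes. The log format and all values below are constructed.
from collections import Counter
import re

# Constructed sample log lines: timestamp host process dst_ip:dst_port
# (the last line is deliberately malformed to show it is skipped)
SAMPLE_LOG = """\
2010-09-19T10:01:02 ws-0412 evil.exe 198.51.100.7:1337
2010-09-19T10:01:05 ws-0413 chrome.exe 93.184.216.34:443
2010-09-19T10:01:09 ws-0412 evil.exe 198.51.100.7:1337
2010-09-19T10:01:11 ws-0419 evil.exe 198.51.100.9:1337
2010-09-19T10:01:15 ws-0420 outlook.exe 10.0.0.25:993
2010-09-19T10:01:20 ws-0431 evil.exe 198.51.100.7:1337
this line is truncated
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<proc>\S+)\s+(?P<dst>[\d.]+):(?P<port>\d+)$"
)


def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["port"] = int(rec["port"])
            yield rec


def triage(text, process="evil.exe", port=1337):
    """Return (sorted infected hosts, Counter of destinations) for the indicator.

    A host counts once however many times it connects; destinations are counted
    per connection so the busiest remote address sorts first.
    """
    hosts = set()
    destinations = Counter()
    for rec in parse_log(text):
        if rec["proc"].lower() == process and rec["port"] == port:
            hosts.add(rec["host"])
            destinations[rec["dst"]] += 1
    return sorted(hosts), destinations


if __name__ == "__main__":
    infected, dsts = triage(SAMPLE_LOG)
    print(f"{len(infected)} infected hosts: {', '.join(infected)}")
    for dst, n in dsts.most_common():
        print(f"  {dst}: {n} connections")
```

The same function run over the real border logs gives the SOC its infection count and the remote addresses to block while evil.exe itself is still being analysed.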


Our scenario

Time to do some hacking...
