SecuraBit Episode 61: Reverse Engineering Malware with a Spider Monkey

SecuraBit Episode 61: Reverse Engineering Malware with a Spider Monkey

Hosts:
Christopher Mills – @thechrisam
Andrew Borel –  @andrew_secbit
Tim Krabec – @tkrabec http://www.SMBMinute.com
Nicholas Berthaume — @nberthaume https://www.bordergatewayprotocol.net
Anthony Gartner – @anthonygartner http://anthonygartner.com

Guests:
Guest: Lenny Zeltser – @lennyzeltser http://zeltser.com/

General topics:
Reverse Engineering Malware

New Linux Distro to analyze malware
REMnux: A Linux Distribution for Reverse-Engineering Malware
http://zeltser.com/remnux/
Based on Ubuntu
Released just 5 days ago – July 8, 2010
2500 Downloads so far
VMWare appliance
Live Distro going out to Source Forge soon
Enlightenment as window manager, (no gnome or kde)
Just what you need to do the analysis
Lightweight as possible
Tools
Emulate Services
Allow malware to interact with your own resources
how does it differ from CW Sandbox
Determine the signs of comprise to compare with your production environment
JS Unpack
Since it is an Ubuntu distro, you can roll a custom version for your environment or lab.
Intrigrrated into the Reverse Engining Malware course from SANS

SANS Digital Forensics Summit
The state of people relying on only antivirus for protection.

The innovator’s dilemma http://www.amazon.com/Innovators-Dilemma-Revolutionary-Business-Essentials/dp/0060521996
Microsoft Security Essentials http://www.microsoft.com/security_essentials/

http://www.sans.org/vlive/
Forensics 610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
SANS vLive! FOR610 – 201001 – Monday, July 26, 2010 – Thursday, August 26, 2010
http://www.sans.org/vlive/details.php?nid=20668

Upcoming events:

BSidesLV http://www.securitybsides.com/BSidesLasVegas
BlackHat https://www.blackhat.com/html/bh-us-10/bh-us-10-home.html
Defcon https://www.defcon.org/html/defcon-18/dc-18-schedule.html
Tim is speaking http://defcon.org/html/defcon-18/dc-18-speakers.html#PanelHTF
Tim is also doing a skytalks schedule http://sudux.com/skytalks_web.jpg
Hacker Halted http://www.hackerhalted.com/ Tim Is speaking October 14th
South Florida ISSA’s Hack the flag and chili cookoff  Saturday August 14, 2010 from 12:00pm – 5:00pm
http://sfissa.org/index.php/sfissa-mm-events/htf-main/85-hack-the-flag-2010
These are the upcoming security cons and where you can find those of us that will be attending starting in less than two weeks.

Links:
Chat with us on IRC at irc.freenode.net #securabit

Leave a Reply