Hack.lu 2016 Interesting Malware - No, I’m not kidding... by Marion Marschalek

There is malware, and then, there is m.a.l.w.a.r.e. Last year we got our fingers on a set of exquisite binaries which were definitely not the usual kind. No, I’d never call malware sophisticated; after all, that’s not what it takes to be dangerous, or interesting. But those were a challenging beast, unusually intriguing.

For lack of a better name, and given all the wacky traits the binaries come with, we dubbed the family CheshireCat. That’s the pink cat in Alice’s wonderland with the most stupid grin. The CheshireCat binaries have been around since 2002, some are built for workstations as old as Windows NT4, and they support dial-up connections and executable header checks for the New Executable file format. Go figure. We came to the conclusion that someone very dedicated has built CheshireCat for very special networks and kept his operation under the radar for more than a decade.

This talk will introduce CheshireCat’s implementation traits, stealth tactics and wondrous functionalities. Special attention will be paid to the retro coding style and the kind of functional obfuscation that make CheshireCat so special.

Bio: Marion Marschalek

Marion Marschalek is Principal Malware Researcher at G DATA Advanced Analytics, focusing on the analysis of emerging threats. Marion started her career within the anti-virus industry, and then worked on advanced threat protection systems, where she built a thorough understanding of how threats and protection systems work and at which points both have their caveats. Marschalek is a lecturer at University of Applied Sciences St. Pölten and frequently contributes to articles and papers. She is a regular speaker at international conferences and has presented research at Black Hat, RSA, and SyScan. She also serves as a review board member for Black Hat Europe. Marschalek was listed as one of Forbes’ “30 under 30” in the technology Europe division in 2016. In 2013 she was the winner of the Female Reverse Engineering Challenge, organized by RE professional Halvar Flake. She practices martial arts and finds vivid passion in taking things apart. Preferably other people’s things.