DEF CON 23 - Mike Sconzo - I Am Packer And So Can You

Automating packer and compiler/toolchain detection is tricky at best and downright frustrating at worst. Most existing solutions are old, closed source, or not cross-platform. An earlier version of this work presented a method of packer identification that borrowed algorithms from text analysis. The goal is a method that identifies compilers and packers from the structural changes they leave behind in PE files. This iteration builds on the previous work of using assembly mnemonics for packer detection and grouping, and covers new features and analysis for the identification and clustering of PE files.

Speaker Bio: Mike Sconzo has been around the security industry for quite some time and is interested in creating and implementing new methods of detecting unknown and suspicious network activity, as well as different approaches to file and malware analysis. This includes looking for protocol anomalies and patterns in network traffic, and various forms of static and dynamic file analysis. He works on reversing malware, building analysis tools, and threat intelligence. Currently much of his time goes to data exploration and tinkering with statistical analysis and machine learning.
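The abstract describes identifying packers from the structural changes they leave behind in PE files. The script below is an added example and is not the speaker's code or the tool presented in the talk: it parses the COFF and section headers of a PE file in pure Python and scores a handful of structural indicators (packer-specific section names, an executable section that is empty on disk, an entry point inside a writable and executable section, and a high-entropy executable section). Both input files are constructed in memory; the section-name list, the 7.0-bit entropy cutoff and the "two or more indicators" threshold are illustrative assumptions, not values from the talk.

```python
"""Structural PE features that packers leave behind, scored as a packer heuristic.

Added example (not the speaker's code): parses the COFF and section headers
without third-party modules and checks a few structural indicators.
The two sample files are constructed below, not taken from real binaries.
"""
import math
import struct
from collections import Counter

# Small illustrative list of section names written by well-known packers (assumption).
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite",
                        ".themida", ".vmp0", ".vmp1", ".vmp2", ".MPRESS1", ".MPRESS2"}
SCN_MEM_EXECUTE, SCN_MEM_WRITE = 0x20000000, 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means every byte value is equally frequent."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(pe: bytes) -> dict:
    """Return the entry-point RVA and the section table (file layout, not mapped image)."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    opt = coff + 20
    entry = struct.unpack_from("<I", pe, opt + 16)[0]  # AddressOfEntryPoint (PE32 and PE32+)
    sections = []
    for i in range(nsec):
        (name, vsize, vaddr, rsize, rptr,
         _, _, _, _, chars) = struct.unpack_from("<8sIIIIIIHHI", pe, opt + opt_size + 40 * i)
        raw = pe[rptr:rptr + rsize] if rsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "rsize": rsize,
                         "exec": bool(chars & SCN_MEM_EXECUTE),
                         "write": bool(chars & SCN_MEM_WRITE),
                         "entropy": shannon_entropy(raw)})
    return {"entry": entry, "sections": sections}


def analyze(pe: bytes) -> dict:
    """Collect structural packer indicators; two or more flags the file as likely packed."""
    info = parse_pe(pe)
    hits, entry_sec = [], None
    for s in info["sections"]:
        if s["vaddr"] <= info["entry"] < s["vaddr"] + max(s["vsize"], s["rsize"]):
            entry_sec = s
        if s["name"] in PACKER_SECTION_NAMES:
            hits.append(f"packer section name {s['name']}")
        if s["exec"] and s["rsize"] == 0 and s["vsize"] >= 0x1000:
            hits.append(f"{s['name']}: executable but empty on disk (unpack target)")
        if s["exec"] and s["entropy"] > 7.0:
            hits.append(f"{s['name']}: executable section entropy {s['entropy']:.2f}")
    if entry_sec and entry_sec["exec"] and entry_sec["write"]:
        hits.append(f"entry point in writable+executable section {entry_sec['name']}")
    return {"entry_section": entry_sec["name"] if entry_sec else None,
            "indicators": hits, "likely_packed": len(hits) >= 2}


def build_pe(sections, entry_rva: int) -> bytes:
    """Construct a minimal PE32 file; sections = [(name, vaddr, vsize, raw_bytes, chars)]."""
    e_lfanew, opt_size, align = 0x40, 0xE0, 0x200
    hdr_end = (e_lfanew + 4 + 20 + opt_size + 40 * len(sections) + align - 1) & ~(align - 1)
    table, blob, ptr = b"", b"", hdr_end
    for name, vaddr, vsize, raw, chars in sections:
        rsize = (len(raw) + align - 1) & ~(align - 1)
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, vaddr,
                             rsize, ptr if rsize else 0, 0, 0, 0, 0, chars)
        blob += raw.ljust(rsize, b"\0")
        ptr += rsize
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 14, 0, 0, 0, 0, entry_rva).ljust(opt_size, b"\0")
    return (dos + b"PE\0\0" + coff + opt + table).ljust(hdr_end, b"\0") + blob


# Constructed samples: a UPX-style layout and a plain compiler layout.
HIGH_ENTROPY = bytes(range(256)) * 16                     # entropy exactly 8.0
CODE = b"\x55\x8b\xec\x83\xec\x10\x5d\xc3" * 64            # repetitive x86-like bytes, low entropy
PACKED_SAMPLE = build_pe([
    ("UPX0", 0x1000, 0x10000, b"", 0xE0000080),            # empty on disk, W+X
    ("UPX1", 0x11000, 0x2000, HIGH_ENTROPY, 0xE0000040),   # compressed payload + stub, W+X
    (".rsrc", 0x13000, 0x200, b"\0" * 0x200, 0xC0000040),
], entry_rva=0x11100)
CLEAN_SAMPLE = build_pe([
    (".text", 0x1000, 0x200, CODE, 0x60000020),            # code, R+X only
    (".data", 0x2000, 0x200, b"Hello, world!\0", 0xC0000040),
], entry_rva=0x1010)

if __name__ == "__main__":
    for label, sample in (("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, analyze(sample))
```

These indicators are only the header-level part of the picture; the mnemonic-based features the talk builds on need a disassembler over the entry-point code, and a real pipeline would read files with a full PE parser (for example pefile) rather than this minimal one. Note that a high-entropy executable section also occurs in legitimately encrypted or compressed binaries, which is why no single indicator decides the verdict here.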
Published on 25 Dec 2015. Creative Commons Attribution licence (reuse allowed).