New research being presented today at DoD Cyber Crime

Written by Michael J. Graven

Several of us are at the DoD Cyber Crime 2009 conference this week in Saint Louis, MO. There’s been some interesting talk about products and techniques, as well as the usual “class reunion” of folks we used to work with. And an ice storm. Good times.

 

Today, Nick Harbour’s going to present some research that follows from his 2008 DEFCON presentation — examining, in depth, some of the newer persistence methods the attackers are using against the defense community. He’ll also be demoing a work in progress tool currently dubbed “Find Evil,” which helps an analyst find evil executables in a sea of legitimate ones. It goes beyond our Red Curtain file analysis tool, using disassembly of the suspect binary to perform more sophisticated analysis.

 

Nick’s presentation is at 13:35 today, in the Landmark 7 meeting room.

Leave a Reply

You must be logged in to post a comment.

Recent Posts

• DLL Search Order Hijacking Revisited
• Find Evil and Solve Crime, Part 1: Focus
• Reversing Malware Command and Control: From Sockets to COM
• The Challenges to Remediating from the APT
• Stuxnet Memory Analysis and IOC creation

Follow us on Twitter

MANDIANT News