Big Game Hunting: The Peculiarities of Nation-State Malware Research



Thursday, August 20, 2015
11:00 HRS PT/14:00 HRS ET
60 minutes, including Q&A



Big Game Hunting: The Peculiarities of Nation-State Malware Research - by Marion Marschalek

The security industry's focus on state-sponsored espionage is a relatively recent phenomenon. Since the Aurora Incident brought nation-state hacking into the spotlight, there have been high-profile reports on targeted hacking by China, Russia, the U.S.A. and Israel, to name a few. This has led to the rise of a lucrative threat intelligence business, propelling marketing and media campaigns and fueling political debate.

This session will cover the idiosyncrasies of nation-state malware research, with special focus on Babar (aka SNOWGLOBE, allegedly written by France), Regin (aka WARRIORPRIDE, allegedly written by the Five Eyes) and commercially written offensive software. The mentioned families will be used as case studies in examining attribution difficulties and serve to cover what happens when you find other players on the hunt.

The research conducted focuses on the attribution problem and formulates a novel approach for creating credible links between binaries originating from the same group of authors. The goal is to add transparency in attribution and supply analysts with a tool to emphasize or deny vendor statements. The technique is based on features derived from different domains, such as implementation details, applied evasion techniques, classical malware traits or infrastructure attributes, which are then leveraged to compare the handwriting among binaries.

Presenter:

Marion Marschalek

Marion Marschalek is a malware reverse engineer on duty for Cyphort, Inc., focusing on the analysis of emerging threats and exploring novel methods of threat detection. She teaches malware analysis at the University of Applied Sciences St. Pölten and frequently appears as a speaker at international conferences.

