[Colloquium] Visualizing Compiled Executables for Malware Analysis

September 30, 2011

Watch Colloquium: M4V file (599 MB)

  • Date: Friday, September 30, 2011 
  • Time: 12:00 pm — 12:50 pm 
  • Place: Centennial Engineering Center 1041

Daniel Quist
Advanced Computing Solutions, Los Alamos National Laboratory

Reverse engineering malware is a vital skill that is in constant demand. The existing tools require high-level training and understanding of computer architecture, software, compilers, and many other areas of computer science. Our work covers several areas that are designed to lower the barrier of entry to reverse engineering. First, we will introduce a hypervisor-based automatic malware analysis system. Second, we will showcase our binary instrumentation framework for analyzing commercial software. Finally, we will show our graph-based dynamic malware execution tracing system named VERA. Each of these systems reduces the complexity of the reverse engineering process and enhances productivity.


Bio: Daniel Quist is a research scientist at Los Alamos National Laboratory and founder of Offensive Computing, an open malware research site. His research is in automated analysis methods for malware using software- and hardware-assisted techniques. He has written several defensive systems to mitigate virus attacks on networks and developed a generic network quarantine technology. He consults with both the private and public sectors on system and network security. His interests include malware defense, reverse engineering, exploitation methods, virtual machines, and automatic classification systems. Danny holds a Ph.D. from the New Mexico Institute of Mining and Technology. He has presented at several industry conferences, including Black Hat, RSA, and DEF CON.