Robert Simmons is Principal Malware Researcher at ReversingLabs. With expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis at many of the top security conferences, including DEFCON, HOPE, botconf, and DerbyCon, among others.
Robert, also known as Utkonos, has a background in biology, linguistics, and Russian area studies. He has lived extensively in Russia and Ukraine.
This beginner's workshop introduces students to the basics of malware analysis. This includes how to source new malware samples for practice, as well as where to find resources for self-directed learning going forward. Students will learn how to triage malicious email attachments and how to work with automated malware analysis tools. As a capstone exercise, students will learn the basics of manual dynamic malware analysis using a controlled lab environment.
This workshop examines how to use the Qiling instrumented binary emulation framework to analyze PE malware executables. Students will learn how to interact with the framework from Python code to detect execution conditions and to run custom analysis code dynamically. Specific skills covered include dumping the memory region that holds the next malware stage for further analysis, and circumventing anti-analysis features that the adversary added to the malware with the intent of foiling the malware analyst.