BalCCon2k25

Malware Utkonos

Robert Simmons is a Malware Researcher. With expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert, also known as Utkonos, has a background in Biology, Linguistics, and Russian Area Studies. He has spoken on malware analysis and reverse engineering at many of the top security conferences, including BalCCon, DEFCON, HOPE, botconf, and DerbyCon, among others. He is also the maintainer of plyara, a YARA rule parser written in pure Python, as well as x64dbgbinja, the official connector integration between x64dbg and Binary Ninja.


Session

09-21
16:05
50min
Reverse Engineering the Nullsoft Scriptable Install System
Malware Utkonos

The Nullsoft Scriptable Install System (NSIS) is an open source, widely used software packaging system used to distribute a great deal of software, from tools to games. It is also abused in a variety of ways by adversaries to deliver malware. This talk will cover the various ways that malicious actors abuse NSIS in the wild, ranging from basic techniques to the advanced abuse seen in malware families such as GuLoader. Also covered is a pair of Python tools I wrote for decompressing and extracting NSIS bytecode scripts, along with a review of the many tools available for decompiling and analyzing NSIS bytecode.

Tesla