Technical Tuesday – 6 May 2014 – Malware Reverse Engineering – An Introduction to the Tools, Workflows, and Tricks of the Trade to Attack Sophisticated Malware by Dale Robson of CyberPoint

Posted on May 6, 2014 in Events Archive

Industry-standard cyber security products do a good job of blocking and defending against recognized or suspicious malware. Industry-leading security solutions employ a mix of sandboxing, signatures, heuristics, and reputation analysis to identify binaries and their behaviors at scale and typically at network speed. Yet increasingly, advanced malware is customized to evade detection and remediation, and even samples that are caught can have deeper and more dangerous capabilities. The most advanced and dangerous attackers enjoy an advantage in staying ahead of the defenders.

In order to truly understand the malware’s capabilities and to assess its success in gaining access to an enterprise, cyber security professionals should reverse engineer the binary to expose its secrets. Reverse engineering advanced malware can be a complex and time-consuming process that is best conducted by experienced senior analysts (who are both scarce and expensive). It can be intimidating at both the technical and resource-demand levels. As a result, organizations may forgo reverse engineering and rely on industry solutions to characterize and defend against the threat. Reverse engineering is done by exception and within the constraints of budget, time, and available professional talent, if it is done at all.

However, reverse engineering malware can be an integral part of every security team’s calculus. This session provides a technical review of the tools, workflows, and advanced analytic insight a senior reverse engineer brings to the fight. It will help demystify the process and illustrate the value proposition associated with deep analytics of malware. Moreover, understanding the detail available through reverse engineering gives the security professional deeper insight into the tactics and techniques the attackers use to circumvent their defensive solutions. The session empowers cyber security professionals at every level to make better-informed judgments on how to improve their response and remediation protocols.

Presented by: Dale Robson of CyberPoint

Dale Robson, an experienced reverse engineering specialist, has been with CyberPoint since 2012. Dale has assisted in building CyberPoint’s computer network operations capabilities. He currently works creating imaginative malware to exercise automated detection and defense systems. Before joining CyberPoint, he worked as an embedded software developer and reverse engineering trainer at Booz Allen Hamilton. Dale helped to design a reverse engineering curriculum and trained over one hundred and fifty students in beginner and advanced reverse engineering techniques. Before that, Dale worked at Lockheed Martin designing anti-tamper systems to defend against malicious reverse engineers. In these organizations he contributed to many critical programs and received recognition from multiple agency directors. He earned his Master of Science degree in Computer Science from Rensselaer Polytechnic Institute and his Bachelor of Science degree in Computer Science from Rochester Institute of Technology.