
HumanCentric Security (HUCS)- Tales from the Crypt: Reversing Malware with the FLARE Team

April 29, 2015

NOTE THE TIME CHANGE:
The HumanCentric Security (HUCS) talk will be this Friday, 5/1 at 4:00 p.m. in Room 1044 (Stamm Room) of Centennial Engineering Center. Our speakers will be Bob Jung and Carrie Jung.

Title: Tales from the Crypt: Reversing Malware with the FLARE Team

Summary:
Let’s pretend you’ve been given a core dump file from a crashed system process. This particular core file happens to be the only forensic evidence the IR team was able to find during a high-profile investigation. You don’t have access to the malware that produced it. You don’t have access to the system it was produced on. The clock is ticking and people are depending on you to make sense of this massive memory snapshot and do your best to come up with answers as quickly as you can to a bunch of questions like "Is this definitely malicious? Have we seen this before, or is it something new? Is it targeted at us or simply mass malware? Who did this? Why did they do this? What specifically was the payload created to do?"

Welcome to another day on the FireEye Labs Advanced Reverse Engineering (FLARE) team. Our group of a dozen malware reverse engineering experts was put together to deal with the incredibly unique and challenging problems that no one else can. In this talk we’ll start with a discussion of some interesting real-world RE problems we’ve recently been tasked with. From there we’ll move on to an in-depth discussion of the strategies and techniques we use for both manual and automated malware analysis.

Bios

Bob Jung:
Bob Jung is a Reverse Engineer at FireEye specializing in virtualization and automated dynamic analysis of malware. Since graduating from the UNM Computer Science Department in 2002, he spent 9 years at Sandia National Laboratories researching various aspects of Information Security and figuring out clever ways to break stuff. Bob has a Bachelor's in Computer Science from the University of New Mexico and a Master's in Computer Science from Cornell.

Carrie Jung:
Carrie Jung is a malware reverse engineer and security researcher at FireEye. Prior to FireEye, she spent nearly a decade in computer security research at Sandia National Laboratories working on everything from application security to network security to low-level systems-based security and reverse engineering. Carrie received her BS in Computer Science with a minor in Mathematics from Purdue University, and an MS in Information Security Technology and Management from Carnegie Mellon, where her thesis focused on automated binary transformations.

FLARE:
The FLARE team is an elite technical enclave of reversers, malware analysts, researchers, and teachers, who team up with their FireEye Labs peers to help bring the best detection to our customers and promote knowledge sharing with the security research community. Many FireEye groups have reverse engineering needs: Mandiant Services discovers malware during incident response, FireEye-as-a-Service constantly discovers threats on monitored client networks, and Products benefit from in-depth reversing to help improve detection capabilities. We provide technical training on malware analysis privately and at conferences like Black Hat. Watch our webinars on malware analysis, read our blog series on scripts for IDA Pro that aid reverse engineering of malware, and take the second FLARE On Challenge this summer.