Modern Reconnaissance Phase by APT – Protection Layer

The Talos researchers are no stranger to APT attacks. During recent research, we observed how APT actors are evolving and how the reconnaissance phase is changing to protect their valuable 0-day exploit or malware frameworks. During the presentation, we will not speak about a specific malware actor but we will use various different cases to illustrate how the reconnaissance phase is becoming more important and more complex.
This talk will mainly focus on the usage of malicious documents (Microsoft Office and Hangul Word Processor) and watering hole attacks designed to establish if the target is the intended one. We will mention campaigns against political or military organizations targeting USA, Europa and Asia.
Continue reading…


Analysis of High-level Intermediate Representation in a Distributed Environment for Large Scale Malware Processing

Malware is acknowledged as an important threat and the number of new samples grows at an absurd pace. Additionally, targeted and so called advanced malware became the rule, not the exception.

At Black Hat 2015 in Las Vegas the researchers co-authored a work on distributed reverse engineering techniques, using intermediate representation in a clustered environment. The results presented demonstrate different uses for this kind of approach, for example to find algorithmic commonalities between malware families. As a result, a rich dataset of metadata of 2 million malware samples was generated.
Continue reading…