News Archives

RSS Feed

  • UNM
  • >Home
  • >News
  • >2014
  • >April
  • >[Colloquium] Techniques and Strategies for Automated and Manual Malware Analysis

[Colloquium] Techniques and Strategies for Automated and Manual Malware Analysis

April 3, 2014

Watch Colloquium: 

MOVIE FILE

  • Date: Thursday, April 3, 2014
  • Time: 11:00 am - 12:00 pm 
  • Place: Mechanical Engineering 218

Bob Jung, Brian Jones, and Carrie Jung from FireEye

Say you've been asked to investigate a credit card breach at a major national retailer. How do you make sense of the software running on the cash registers? The investigators will turn to malware analysis to find out. Every day leads to the discovery of malware and other forensic artifacts on our client networks. These unwelcome discoveries often lead to similar line of questioning: "Are we sure this file is malicious? Is it targeted specifically at us or simply mass malware? Who did this? Why did they do this? What was this malicious payload created to do? Have you analyzed this before?" In this talk we will be covering how we've been successful in applying various areas of Computer Science such as Machine Learning, Virtualization, and Symbolic Execution towards efficiently answering these questions as well as discussing some of the more colorful examples of the shenanigans we deal with that malware authors use to confound our analysis efforts.

Bios

Bob Jung is a Senior Researcher at FireEye specializing in virtualization and automated dynamic analysis of malware. Since graduating from the UNM Computer Science Department in 2002, he spent 9 years at Sandia National Laboratories researching various aspects of Information Security and figuring out clever ways to break stuff. Bob has a Bachelor's in Computer Science from the University of New Mexico and a Master's in Computer Science from Cornell. Brian Jones is a Principal Research Engineer at FireEye, where he is developing statistical machine learning solutions for a variety of information security challenges. He is currently focusing on automated malware triage, detecting malicious activity from large volumes of enterprise data, and advanced visualization techniques. Prior to joining Mandiant, Brian spent 11 years at Sandia National Laboratories creating predictive analytics for homeland security programs. He holds Bachelor's and Master's degrees in Computer Science from the University of Virginia. Carrie Jung is a malware reverse engineer and security researcher at FireEye. Prior to FireEye, she spent nearly a decade in computer security research at Sandia National Laboratories working on everything from application security to network security to low-level systems based security and reverse engineering. Carrie received her BS in Computer Science with a minor in Mathematics from Purdue University, and a MS in Information Security Technology and Management from Carnegie Mellon where her thesis focused on automated binary transformations.