Category Archives: 2015

Behavior-driven development in malware analysis

A daily task of malware analysts is the extraction of behaviors from malicious binaries. Such behaviors include domain generation algorithms, cryptographic algorithms or deinstallation routines. Ideally, this tedious task would be automated. So far scientific solutions have not gotten beyond proof-ofconcepts. Malware analysts continue to reimplement behaviors of interest manually.

Malware instrumentation: application to Regin analysis

The complexity of the Regin malware underlines the importance of reverse engineering in modern incident response. The present study shows that such complexity can be overcome: substantial information about adversary tactics, techniques and procedures is obtained from reverse engineering. An introduction to the Regin development framework is provided along with

« Older Entries