Shared Code Analysis of Malware using PYTHON and ML
Anmol Maurya (~anmol54) |
Shared code analysis, also called similarity analysis, is the process by which we compare two malware samples by estimating the percentage of precompilation source code they share.
In reverse engineering, shared code analysis helps identify samples that can be analyzed together (because they were generated from the same malware toolkit or are different versions of the same malware family), which can determine whether the same developers could have been responsible for a group of malware samples.
In this talk, you’ll learn to use these techniques to do the following:
-Identify new malware families that come from the same malware toolkits or were written by the same attackers.
-Determine code similarity between a new sample and previously seen samples.
-Visualize malware relationships to better understand code-sharing patterns between malware samples and to communicate your results to others.
-Use two proof-of-concept tools I built for implementing these ideas and allow you to see malware shared code relationships.
Who is this Poster for?
-Hobbyist reverse engineers and Malware Analysts
-Anyone interested in security.
*-Bored malware analysts looking to automate some of their work *
-Basic knowledge of Python and Machine Learning (Not Compulsory)
-A basic understanding of x86 assembly
-Minimal knowledge of the ELF format
I'm Anmol Maurya, CyberSecurity Researcher currently Undergrad, pursuing my Bachelors from SRM University KTR Chennai.
Quite passionate about Reverse Engineering and Malware Analysis with prior knowledge of Web Sec and penetration testing.
I'm CO-Lead of Cybersecurity community and Research Club of University, where we play CTF's, Do some Research-Based Works (Currently Working on Search Engine Project), given talks and Workshops from College to Various Communities (ex: Null Community).
I'm an active open source contributor from Git to StackOverflow (most of the places :P)