Malware analysis implementations in radare2 & Devsecops Build Inspector

We are excited to announce February month Meetup

Agenda

• Networking and Snacks

• Introduction & Announcements

• Towards malware code analysis implementations and workflow in radare2 - by Matthew Brooks
Abstract: The radare2 reverse engineering framework has been recognized as a disrupter in the reverse engineer’s toolkit. It is flexible, powerful, free, and 100% open-source. However, some potential adopters still have not found ways to use the tool within their analysis workflow. This talk will introduce an example malware code analysis workflow coupled with publicly-available implementations from r2kit (https://github.com/cmatthewbrooks/r2kit …). Lastly, new soon-to-be released work will also be introduced as well as ways in which others can contribute to the project.

• Do you trust your builds or build what you trust? - by Ang Ming Yi
Abstract: Developers today assemble applications using untrusted libraries which often lead to serious security consequences. Popular package managers like NPM and PyPI have been easily attacked by simply uploading malicious libraries on their central distribution services. In this talk, we will look at the detailed anatomy of how such an attack can work using a proof of concept npm library. We will also introduce Build Inspector ( https://github.com/devsecops-community/build-inspector), an open-source tool that can be used as a forensic sandbox for CI/CD environments. We will demo how you can use build inspector to detect malicious packages and exfiltration attempts during the build process.

Speaker Bio:
Matthew Brooks
Matt Brooks is a malware researcher with additional interests in digital forensics and incident response.

Ang Ming Yi
Ming is a security researcher who is passionate about building security automation tools to aid the discovery of various security issues. Since improving his arsenal of tools, he has made contributions to several open-source projects by responsibly disclosing the vulnerability findings he encounters from his research.

See you there!