04-18-2020 Hunting & Pivoting Using Research-Driven Threat Intelligence

Pacific Hackers Meetup
Pacific Hackers Meetup
Public group

Online event

This event has passed

Details

Online meeting: https://phack.my.webex.com/meet/phack
2PM Pacific Standard Time

Hunting & Pivoting Using Research-Driven Threat Intelligence

Abstract:
PolySwarm is a threat intelligence platform and marketplace composed of general large anti-malware engines as well as specialized individual and small business engines. All of these engines compete to provide the lowest false positive / false negative rate for detecting malicious files, IPs, domains and URLs.

The PolySwarm platform builds on the insights offered by these engines to provide rich search capabilities including malware downloads, YARA-based hunting and "metadata searching", for example: "show me all of the 64 bit Windows executables from the last week that were flagged as malicious by at least 1 engine and export functions that match this regular expression".

In this talk, we'll chat about using the PolySwarm platform to hunt news grabbing malware, including particularly insidious malware using COVID-19 to lure victims as well as what you can do to join in the fight against malware for fun (and profit).

PolySwarm founded a malware research community called polyX where members discuss ongoing threats, share IOCs & samples, and more. Attendees will get a polyX invite + a free PolySwarm account upgrade for double the number of free malware downloads.

Paul Makowski is CTO and Co-Founder of Polyswarm, a threat detection marketplace where businesses get real-time answers on suspect files, IP addresses, URLs & domains from a crowd-sourced network of security experts.

Prior to co-founding PolySwarm, Paul reverse engineered malware and wrote bespoke disinfection tools for Fortune 100 clients. Paul authored many of the autonomous program analysis challenges in DARPA’s Cyber Grand Challenge, researched partial homomorphic encryption as it applies to protecting programs and network signatures (DARPA CFT), and has co-designed a confidentiality system for a public / private hybrid blockchain for identity management (US DHS). Paul served at the National Security Agency (NSA) for two years as a Global Network Exploitation and Vulnerability Analyst (GNEVA). Paul has competed in and won DEF CON’s CTF competition.

Paul holds a patent on detecting exploitation of memory corruption vulnerabilities using symbolic constraints and has two patents pending on XOM as a basis to defeat ASLR defeats as well as a system for establishing disjoint privilege domains in a single process space.