Notes from Belfast BSides 2017

Ain’t Nobody Got Time For That: Dynamic Malware Analysis for the Overworked Analyst

Presenter: Edmund Brumaghin

Software for lab

Setting up a malware lab? Here are some tools.

Indicators of Compromise (IOCs)

Places to find IOCs and malware samples.

Open Source Intelligence (OSINT)

The Path To Self-Securing Software

Presenters: Gary Robinson & Yan Haung

  • Automatic identification of attack vectors from source code.

    • Chomsky Hierarchy of grammar
    • Java parser creates an Abstract Syntax Tree (AST); can also generate new source code from it
    • ANTLR (ANother Tool for Language Recognition)
      • To parse any language, need to know the grammar of the language
    • Parser will output the tree into JSON format, which can then be used by other software.
  • Create a Security Model

  • Create Engine to apply security model to project model (JSON from parser)

  • [Patent] Detect where data is going on the network and generate and apply firewall rules.

  • Currently automate security tests, but tests are manually written.

  • Annotate code with the security flags.
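The pipeline in these notes (parse source into an AST, emit the tree as JSON, then run an engine that applies a security model to that project model, including spotting where data leaves for the network so firewall rules can be derived) is illustrated below with an added example written for these notes; it is not code from the talk or its presenters. It uses Python's standard `ast` module on a constructed Python sample rather than a Java parser or ANTLR, and the rule names, the `SECURITY_MODEL` structure and the `apply_model`/`firewall_rules` helpers are assumptions chosen for the illustration.

```python
import ast
import json

# Constructed sample source for the example (not from the talk). It contains
# a hard-coded network destination, a dynamic one, and a shell=True call.
SAMPLE_SOURCE = '''
import socket
import subprocess

def fetch(host):
    s = socket.create_connection((host, 443))
    return s

def run(cmd):
    return subprocess.run(cmd, shell=True)

def sync():
    return socket.create_connection(("updates.example.internal", 8443))
'''

# Assumed security-model format: one rule per attack-vector pattern. A rule
# matches on the dotted call name and optionally on a keyword argument value;
# "destination" asks the engine to recover a literal network endpoint.
SECURITY_MODEL = [
    {"id": "shell-exec", "call": "subprocess.run", "keyword": "shell", "value": True,
     "message": "subprocess.run with shell=True is a command-injection surface"},
    {"id": "net-egress", "call": "socket.create_connection", "destination": True,
     "message": "outbound network connection; candidate for an egress firewall rule"},
]


def parse_to_json(source):
    """Parse source into an AST and convert it to plain dicts/lists so the
    project model can be serialised as JSON for other tools."""
    def convert(node):
        if isinstance(node, ast.AST):
            d = {"_node": type(node).__name__}       # "_node" avoids clashing with field names
            for field, value in ast.iter_fields(node):
                d[field] = convert(value)
            if hasattr(node, "lineno"):
                d["lineno"] = node.lineno
            return d
        if isinstance(node, list):
            return [convert(x) for x in node]
        return node                                    # str, int, bool, None
    return convert(ast.parse(source))


def iter_nodes(tree):
    """Depth-first walk over the JSON project model, yielding every AST node dict."""
    stack = [tree]
    while stack:
        item = stack.pop()
        if isinstance(item, dict):
            if "_node" in item:
                yield item
            stack.extend(item.values())
        elif isinstance(item, list):
            stack.extend(item)


def call_name(call_node):
    """Rebuild a dotted name such as 'subprocess.run' from a Call's func subtree."""
    parts, f = [], call_node["func"]
    while f["_node"] == "Attribute":
        parts.append(f["attr"])
        f = f["value"]
    if f["_node"] == "Name":
        parts.append(f["id"])
    return ".".join(reversed(parts))


def literal_destination(call_node):
    """Return 'host:port' when the first argument is a literal (host, port) tuple,
    else None (destination only known at runtime)."""
    args = call_node["args"]
    if not args or args[0]["_node"] != "Tuple":
        return None
    elts = args[0]["elts"]
    if len(elts) == 2 and all(e["_node"] == "Constant" for e in elts):
        return f"{elts[0]['value']}:{elts[1]['value']}"
    return None


def apply_model(tree, model):
    """Engine: apply every rule of the security model to the project model."""
    findings = []
    for node in iter_nodes(tree):
        if node["_node"] != "Call":
            continue
        name = call_name(node)
        for rule in model:
            if rule["call"] != name:
                continue
            if "keyword" in rule:                      # e.g. require shell=True literally
                kws = {k["arg"]: k["value"] for k in node["keywords"]}
                kw = kws.get(rule["keyword"])
                if not (kw and kw["_node"] == "Constant" and kw["value"] == rule["value"]):
                    continue
            finding = {"rule": rule["id"], "line": node["lineno"], "call": name,
                       "message": rule["message"]}
            if rule.get("destination"):
                finding["destination"] = literal_destination(node)
            findings.append(finding)
    return sorted(findings, key=lambda f: f["line"])


def firewall_rules(findings):
    """Turn net-egress findings into allow-list entries; dynamic destinations are
    flagged for manual review rather than silently allowed."""
    rules = []
    for f in findings:
        if f["rule"] != "net-egress":
            continue
        if f["destination"]:
            rules.append(f"allow tcp egress to {f['destination']}")
        else:
            rules.append(f"review: dynamic destination at line {f['line']}")
    return rules


def analyze(source, model=SECURITY_MODEL):
    return apply_model(parse_to_json(source), model)


if __name__ == "__main__":
    results = analyze(SAMPLE_SOURCE)
    print(json.dumps(results, indent=2))
    print("\n".join(firewall_rules(results)))
```

The JSON project model is what decouples the parser from the engine: `parse_to_json` could be swapped for any front end (ANTLR-generated, a Java parser) that emits the same node/field shape, and the engine and security model stay unchanged.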