VB2017 preview: Crypton - exposing malware's deepest secrets

Posted by   Martijn Grooten on   Sep 14, 2017

Ask a programmer to perform the same task twice and they will write a tool that automates it. Malware analysts are no different, and the Virus Bulletin Conference has a long history of including papers on tools and tricks that make the task of analysing malware a lot easier.

'Crypton' is such a tool. It was developed by F5 Networks researchers Julia Karpin and Anna Dorfman to speed up the reverse engineering process by decrypting encrypted content found in a (malicious) binary. Given that malware authors tend to take the 'encrypt everything' mantra to the extreme, this tool could save a lot of time.

However, the paper, which the researchers will present at VB2017, isn't just about 'yet another tool'. It actually describes the process Julia and Anna went through in designing and building it. For fellow researchers attending the conference, this is probably even more interesting than the end result.

aesdisassembled_karpindorfman.pngPart of the disassembled code of the AES algorithm, found as such in many a malware sample.

To learn from Julia and Anna's work, and to see more than 50 other speakers in Madrid next month, don't forget to register for VB2017 – and don't forget that there are special discounted tickets available for students!

VB2017-325w.jpg

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VB2018 paper: Office bugs on the rise

At VB2018 Sophos researcher Gábor Szappanos provided a detailed overview of Office exploit builders, and looked in particular at the widely exploited CVE-2017-0199. Today we publish his paper and release the video of his presentation.

VB2018 video: The Big Bang Theory by APT-C-23

Today, we release the video of the VB2018 presentation by Check Point researcher Aseel Kayal, who connected the various dots relating to campaigns by the APT-C-23 threat group.

VB2019 London - join us for the most international threat intelligence conference!

VB calls on organisations and individuals involved in threat intelligence from around the world to participate in next year's Virus Bulletin conference.

VB2018 paper: Tracking Mirai variants

Today, we publish the VB2018 paper by Qihoo 360 researchers Ya Liu and Hui Wang, on extracting data from variants of the Mirai botnet to classify and track variants.

VB2018 paper: Hide'n'Seek: an adaptive peer-to-peer IoT botnet

2018 has seen an increase in the variety of botnets living on the Internet of Things - such as Hide'N'Seek, which is notable for its use of peer-to-peer for command-and-control communication. Today, we publish the VB2018 paper by Bitdefender…

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.