'Record and replay' code analysis has been a topic of interest in academia for the last 10 years, but has not yet offered practical results when applied to exploit analysis. A 'record and replay' approach to debugging - specifically, a responsive and deterministic implementation that can record a full code execution and replay it offline, as well as step it forwards and backwards, set breakpoints and handle other common debugging tasks - would be a great advantage to exploit researchers, provided it can circumvent current anti-debugging tactics used by malware authors.
Jarkko Turkulainen works as a senior researcher for F-Secure. He joined the company in 2004 as a malware analyst and since then has been working in various roles, ranging from daily malware sample handling to anti-virus engine R&D. Now his main focus is on prevalent advanced threats.
Jarno Niemelä has spent the past 17 years at F-Secure security lab working on analysing and identifying malicious behaviour and planning automatic malware handling systems. His current duties focus on automating cyber-attack detection and planning new cyber-defence systems for F-Secure products and services. Keen on data science and on analysing APT and malware behavioural patterns, he also teaches cyber defence at Metropolia University of Applied Sciences. He often speaks at cybersecurity events.