No Disassembly Required - Brian Satira

BSides Peru, 52:06, published 2018-06
About this talk
No Disassembly Required

Abstract: Does malware analysis seem like an arcane process involving hours of staring at assembly in OllyDbg or IDA? Is the only alternative relying on an "auto-magically" generated report from a sandbox? Many of the malware variants that today's analyst will face during incident response are not compiled binaries like Windows PE files. We will demystify the analysis of JavaScript and VBA/VBS trojan downloaders embedded in phishing email attachments, PowerShell scripts used for post-exploitation, and tiny web shell backdoors. Our talk will seek to familiarize frontline defenders, and anyone interested in the state of "now" malware analysis, with modern script-based variants.

Bio: "Brian Satira is a malware rodeo clown and accidental fuzzer. You can follow him @r3doubt on Twitter or at https://blog.r3doubt.io/"