Briefing Title: A New Trend for the Blue Team – Using a Practical Symbolic Engine to Detect Evasive Forms of Malware/Ransomware
Date: 4:20PM – 5:00PM PT, Wednesday, Aug. 10, 2022
Speakers: Sheng-Hao Ma, Mars Cheng, Hank Chen
We believe there may be a new tool in the Blue Team’s toolbox, through the use of a symbolic execution engine to detect and analyze suspected malware/ransomware binaries. Using our practical symbolic engine, based on the combination and improvement of academic and practical research, you can identify and detect various exploits, techniques, and multiple malware/ransomware variants via symbolic signature attack techniques and ransomware behaviors in a fully static situation. Even if the malware binary is obfuscated, we can still statically analyze it and detect it effectively. Our plan is to make our engine available to the community via open source during Black Hat USA 2022, to help give back to the infosec community and help Blue Teams save time on an ongoing and difficult problem.
Founded in 1997, Black Hat is an internationally recognized cybersecurity event series providing the most technical and relevant information security research. Now in its 25th year, Black Hat USA is excited to present a unique hybrid event experience, offering the cybersecurity community a choice in how they wish to participate. Black Hat USA 2022 will open with four days of Trainings (August 6-11). The two-day main conference (August 10-11) featuring Briefings, Arsenal, Business Hall, and more will be a hybrid event—offering both a Virtual (online) Event and a Live, In-Person Event in Las Vegas. See the Conference Highlights below for more details.