Some of the most difficult malware for standard vendor-driven security products to handle is document files that carry code to be executed. JavaScript in PDF files and macros in Microsoft Office files are certainly not a new problem, but they remain a serious threat. I will show how to automate some of the analysis of this code. By analyzing the entropy of the extracted code, most attacks can be detected by searching for the hacker's attempt to avoid detection. As a bonus for red team members, I will show how to defeat my own detection and better hide malicious code.

Bio: Adam Hogan is a Consulting Security Engineer with Cisco's Advanced Threat Solutions team. He began his career in security with the open source community and has been working with Snort and Clam ever since. He enjoys researching malware and how to stop it. His graduate studies are in economics, but it turns out that wasn't nearly as fun as security. Adam lives in Columbus, Ohio.
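The entropy check the abstract describes, as an added illustration that is not the speaker's own tooling: Shannon entropy is computed over sliding windows of each extracted script or macro body, and a chunk whose peak window exceeds a threshold is flagged as likely encoded or packed. Sample inputs, the threshold, and the chunk names are constructed assumptions, and the "obfuscated" macro is an inert base64 blob derived from a fixed seed rather than real malware.

```python
import base64
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the input: 0.0 for empty or single-symbol data, up to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in Counter(data).values())


def windowed_entropy(data: bytes, window: int = 256, step: int = 128) -> list:
    """Entropy of each sliding window, so a short encoded blob inside mostly plain
    code still stands out instead of being averaged away by the surrounding text."""
    if len(data) <= window:
        return [shannon_entropy(data)]
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data) - window + 1, step)]


def flag_chunks(chunks: dict, threshold: float = 5.0) -> list:
    """Return (name, peak_entropy) for extracted code chunks whose peak window
    reaches the threshold. Plain script text usually sits near 4-4.8 bits/byte,
    while base64 or hex-packed payloads approach 6; the threshold is an assumption."""
    flagged = []
    for name, code in chunks.items():
        peak = max(windowed_entropy(code))
        if peak >= threshold:
            flagged.append((name, round(peak, 2)))
    return flagged


def _pseudo_random(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic filler bytes (SHA-256 chain) standing in for an encoded payload."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed sample chunks, as a document parser might hand them to the analyzer.
PLAIN_MACRO = (b'Sub AutoOpen()\n    Dim msg As String\n'
               b'    msg = "Quarterly report loaded"\n    MsgBox msg\nEnd Sub\n')
OBFUSCATED_MACRO = (b'Sub AutoOpen()\n    Dim p As String\n    p = "'
                    + base64.b64encode(_pseudo_random(300))
                    + b'"\n    Call Decode(p)\nEnd Sub\n')
SAMPLE_CHUNKS = {"vbaProject/Module1": PLAIN_MACRO, "vbaProject/Module2": OBFUSCATED_MACRO}
```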
Copyright 2020, IronGeek