
Automating File Analysis: 5 Key Capabilities for Your Malware Lab

The industry is quickly maturing beyond the need to merely respond to attacks. Given the increasing risk associated with digitized business, organizations are realizing they need to assess the threats targeting their own organization and stay ahead of attackers. They need to understand what might happen next, as well as what has already happened. This requires actively examining the files across all sources of incoming digital content, including email, web, file shares, file upload applications and storage, software releases and the supply chain. This is the underlying driver behind the Malware Lab: to centralize malware analysis and research, consolidate tools, and automate processes in order to gain visibility into how threat actors might attack the organization, as well as to serve the needs of incident responders.

In this session, we’ll discuss:

- Why organizations are moving toward understanding adversary and attack behaviors locally, and those trends likely to impact their business.
- What key capabilities are required as part of the “Malware Lab” to not only respond to attacks, but to provide the needed visibility to thwart adversaries before they attack.
- How to consolidate and optimize file analysis tools (e.g. static and dynamic analysis), accelerate investigation times and hunt for latent threats.
- How to apply more explainable IOCs and actionable insights on malicious payloads to prepare for an adversary's attack in advance.
Recorded: Sep 29 2021, 52 mins
Presented by
Chip Epps, Director of Product & Solutions Marketing
  • You’ve found Cobalt Strike on your Network. Is it Being Weaponized? Oct 28 2021 4:00 pm UTC 62 mins
    Patrick Knight, Sr. Threat Researcher & Architect, ReversingLabs
    Cobalt Strike, the popular penetration testing tool, has been abused by threat actors for years, with thousands of abuse instances recorded. Existing abuse ranges from ransomware deployment to surveillance to data exfiltration, and its presence can be the only noticeable precursor to a ransomware infection.

    During this session, Patrick Knight, Sr. Threat Researcher & Architect at ReversingLabs, will discuss how penetration testing tools like Cobalt Strike, PsExec and Mimikatz variants are abused by cybercriminals and have become common tools for APT groups. Patrick will use Cobalt Strike as an example to cover the different stages of a ransomware infection, why response plans need to map to a particular stage of an attack, the common tools involved at each stage of the attack, and the hunting methods required to analyze artifacts in order to avoid becoming a victim.
  • 3 Ways Detecting Software Tampering Differs From Finding Vulnerabilities Recorded: Oct 14 2021 33 mins
    Jasmine Noel, Sr. Product & Solutions Marketing, ReversingLabs
    The risk of supply chain attacks is only increasing as malicious actors target development environments and delivery processes to morph trusted software into a weapon. Today various stages of supply chain attacks can be executed with tampered software or malware masquerading as trusted applications and updates.

    During this webinar, Jasmine Noel, Sr. Product & Solutions Marketing, will cover why existing application security testing and software composition analysis have struggled to reliably detect indicators of tampering, the differences between tampering and vulnerabilities, and the three tampering detection techniques required to improve visibility across the software supply chain. This will include covering which indicators must be detected, what software artifacts must be assessed, and when assessments must occur.
  • How to Hunt for Ransomware Variants in Your Malware Lab - Data Exfiltration Recorded: Oct 6 2021 60 mins
    Rob Simmons, Independent Malware & Threat Researcher at ReversingLabs
    Over the past year, a major change in tactics employed by ransomware adversaries has been to exfiltrate data from the victim's environment. This data then serves as the material for an extortion threat on top of the ransom for encrypted data, and has become a common tactic by most major ransomware families. To support this tactic, some ransomware operators have added a specific type of malware to perform this exfiltration to their intrusion set.

    During this webinar, Rob Simmons, Independent Malware & Threat Researcher at ReversingLabs, will analyze a ransomware sample that performs data exfiltration in his malware lab. Rob will show how the malware uploads a set of files from the victim's computer to command and control servers, how to identify anti-analysis behavior, and then how to hunt for related variants of the same malware.
  • Lessons Learned from the SolarWinds SunBurst Attack Recorded: May 13 2021 58 mins
    Tomislav Pericin, Co-Founder & Chief Software Architect, ReversingLabs
    The SolarWinds breach was a wake-up call to organizations worldwide: a sophisticated attack that applied time and patience to circumvent the developer build and release process in order to gain access to thousands of trusting customers. During this session, Tomislav Peričin, Chief Software Architect & Co-Founder at ReversingLabs, will pull back the curtain, offering insights into how ReversingLabs helped to expose the origins of the SunBurst attack, discussing the security gaps every developer and IT software management function must prioritize, and detailing the solutions necessary to mitigate these new risks. This will include:

    • Walking through the anatomy of the SunBurst attack.
    • Detailing how the build server and source code were compromised.
    • Highlighting what contributed to the hunt and investigative process.
    • Discussing why xAST and AV need to be augmented to detect these attack types.
    • Recommending necessary technology and process requirements to detect similar future attacks.
  • How to Inject Security Into the Software Development Lifecycle Recorded: May 6 2021 60 mins
    Rob Simmons, Independent Threat Researcher, Chip Epps, Director Product & Solutions Marketing, ReversingLabs
    Digital transformation represents perhaps the most significant business challenge facing organizations today, with the promise of improving business productivity, expanding market reach, optimizing product and service delivery, and improving customer satisfaction. Software has a big role to play, and has introduced new technologies, processes, and associated skills required to capitalize on this transformation. However, with this new dynamic environment comes some risk, as attackers are already exploiting vulnerabilities in the supply chain. Watch our webinar to hear how software supply chains are evolving and how security processes and controls can automate SOC response to potential risk by:
    - Validating open-source packages and other dependencies
    - Running build-time analysis and retro-scans of archived repositories for additional detection
    - Validating third-party software before re-packaging and distribution

    We'll review the fundamental construct of contemporary supply chains, show examples of recent attacks targeting these environments, and show how ReversingLabs file reputation and static analysis controls intervene to prevent the propagation of malware.
  • Building a Better Malware Lab Recorded: Apr 29 2021 46 mins
    Chris Hoff, Product & Solutions Marketing Manager, ReversingLabs & Steve Garrett, VP of Customer Success, ReversingLabs
    Keeping up with the innovation in malware tactics can be a full-time job. Companies are learning the value of doing their own research into attacks and are building dedicated labs to learn how the attacks work. ReversingLabs has been helping a number of our customers build unified malware labs into their business processes; these labs remove the complexity of supporting multiple tools and add automation to effectively help security teams understand the malware and take action.

    During this session, we’ll discuss:

    - The value of safely adding a unified malware lab to your organization
    - How customers are using their labs to understand attacks and respond faster
    - The organizational benefits of providing malware as a service to business units
    - Why having a dedicated lab will reduce the possibility of accidental infection
  • Lessons Learned from the SolarWinds SunBurst Attack Recorded: Mar 11 2021 57 mins
    Tomislav Pericin, Co-Founder & Chief Software Architect, ReversingLabs
    The SolarWinds breach was a wake-up call to organizations worldwide: a sophisticated attack that applied time and patience to circumvent the developer build and release process in order to gain access to thousands of trusting customers. During this session, Tomislav Peričin, Chief Software Architect & Co-Founder at ReversingLabs, will pull back the curtain, offering insights into how ReversingLabs helped to expose the origins of the SunBurst attack, discussing the security gaps every developer and IT software management function must prioritize, and detailing the solutions necessary to mitigate these new risks. This will include:

    • Walking through the anatomy of the SunBurst attack.
    • Detailing how the build server and source code were compromised.
    • Highlighting what contributed to the hunt and investigative process.
    • Discussing why xAST and AV need to be augmented to detect these attack types.
    • Recommending necessary technology and process requirements to detect similar future attacks.
  • 5 Ways to Mitigate Costly Software Supply Chain Attacks Recorded: Jan 28 2021 57 mins
    Chip Epps, Director Product & Solutions Marketing, ReversingLabs, Mike Cote, Sr. Director of Product Management, ReversingLab
    Developing your digital business means developing new web and mobile applications, migrating to cloud, and evolving DevSecOps practices to accelerate time to market. Yet cyberattackers have aggressively been targeting your software supply chain, including open-source repositories, to act as malware distribution platforms. With today’s software more reliant on third-party and open-source software, your software development lifecycle (SDLC) demands more checks to validate the integrity of your build, release and production software. In this session we discuss:

    • How to secure your supply chain with rapid analysis, authoritative file intelligence, and increased threat visibility.
    • How to integrate security monitoring and Application Lifecycle Security into your SDLC.
    • How to leverage CVE data against a list of IOCs to proactively prioritize patches and fixes.
    • How to apply tools like YARA to retroactively scan for your risks across your release history.
  • How to Inject Security Into the Software Development Lifecycle Recorded: Jan 26 2021 59 mins
    Rob Simmons, Independent Threat Researcher, Chip Epps, Director Product & Solutions Marketing, ReversingLabs
    Digital transformation represents perhaps the most significant business challenge facing organizations today, with the promise of improving business productivity, expanding market reach, optimizing product and service delivery, and improving customer satisfaction. Software has a big role to play, and has introduced new technologies, processes, and associated skills required to capitalize on this transformation. However, with this new dynamic environment comes some risk, as attackers are already exploiting vulnerabilities in the supply chain. Watch our webinar to hear how software supply chains are evolving and how security processes and controls can automate SOC response to potential risk by:
    - Validating open-source packages and other dependencies
    - Running build-time analysis and retro-scans of archived repositories for additional detection
    - Validating third-party software before re-packaging and distribution

    We'll review the fundamental construct of contemporary supply chains, show examples of recent attacks targeting these environments, and show how ReversingLabs file reputation and static analysis controls intervene to prevent the propagation of malware.
  • Understanding Attacks Like Ryuk Before It's Too Late Recorded: Dec 29 2020 45 mins
    Chris Hoff, Product & Solutions Marketing Manager, ReversingLabs & Rob Simmons, Independent Malware Researcher
    Ransomware isn’t going away. Many ransomware families have changed their tactics and victim targeting in recent years. Rather than indiscriminate attacks against anyone they’re able to infect, they have moved to a process called “big game hunting”. The reality is that many organizations simply don’t have the capabilities to find or remediate the threat in time. With the FBI reporting that attackers have generated over $61 million from the Ryuk family alone, we can be sure the evolution will continue.

    Security teams are under increased pressure to build more effective solutions, which include the ability to proactively hunt for new attacks. In this webinar we will discuss the ways threats like ransomware operate and act as a conduit for other forms of attack.

    • The current state of Ransomware and how it is becoming more targeted
    • How to use the A1000 to hunt for threats using YARA
    • How to bring new visibility about file risks into your SOC process
    • How to apply this new intelligence on Ryuk to actively update your defenses
  • ReversingLabs Enrichment for Anomali ThreatStream Recorded: Dec 10 2020 34 mins
    Chris Hoff, Product & Solutions Marketing Manager, ReversingLabs
    There's a big difference between having data and creating threat intelligence. ReversingLabs provides a modular, high-volume file classification system that, when integrated with Anomali ThreatStream, allows organizations to identify threats across their security landscape and create actionable threat intelligence. Together we allow analysts to speed the detection of threats and automate tasks typically assigned to security professionals.
  • Explainable Threat Intelligence - Moving Beyond "Black Box" Threat Convictions Recorded: Dec 8 2020 59 mins
    Tomislav Pericin, Chief Software Architect & Co-Founder, ReversingLabs & Chip Epps, Director of Product & Solutions Marketing
    What if today's security analysts had access to the most timely and relevant threat intelligence, in a consumable, easy-to-understand manner that was interpretable, verifiable, and explainable? Watch our webinar as we examine the next generation of explainable threat intelligence solutions and how ReversingLabs has taken a fresh look at machine learning classification. In this session, we'll discuss:

    - How contemporary malware is challenging security teams, and why destructive object insights are so relevant;
    - How new explainable machine learning models are improving analyst malware knowledge and SOC productivity over time;
    - How the concept of transparency and being able to defend a classification decision is empowering the SOC team and facilitating cross-functional collaboration;
    - How this new threat intelligence integrates with existing environments (e.g. SIEM, SOAR) and maps to common attack frameworks (MITRE ATT&CK).
  • How Dangerous File Uploads Disrupt Critical Business Web & Mobile Apps Recorded: Dec 3 2020 62 mins
    Chip Epps, Director of Solutions & Product Marketing, ReversingLabs; Brian Soldato, Director, Field Engineering, ReversingLab
    Digital transformation, accelerated by COVID-19, is fueling expansion in rich new functionality for web and mobile applications. New digital processes rely on the creation, transfer, and sharing of rich content as files or binary objects that embody all the components needed to deliver the right experience to the recipient. A massive new problem is that applications now need to support thousands of different file formats that define the specific structures necessary to render that experience, even when they are simply classified as documents, archives, images or multimedia. Unfortunately these same files can be leveraged by attackers who insert malware into these objects, which often goes undetected by traditional security. In this session, we'll discuss:

    • How complex file structures are defined, and how high-risk document, multimedia, and archive formats are commonly exploited within businesses today
    • How new digital business processes such as web and mobile app file uploads can unknowingly deliver infected files into your organization
    • How you can leverage file analysis technologies within your new digital platforms to securely enable your digital business, and
    • How these technologies can be applied to detect destructive objects and accelerate your response actions without impacting the business.
  • Hunting for Nation State Attacks Recorded: Nov 11 2020 59 mins
    Chuck McWhirter, Sr. Sales Engineer at ReversingLabs; Chris Hoff, Product & Solutions Marketing Manager at ReversingLabs
    Nation state attackers like the Lazarus group from North Korea are highly skilled and well funded. They have the luxury of continually probing and attacking their targets until they are successful. Defenders, on the other hand, need the ability to not just deflect the attacks they see but hunt for the signs that their defenses have been breached.

    In an environment where the threat is specifically targeted at your organization, malware payloads will be highly customized, which makes them hard to detect based on a standard list of IOCs.

    This webinar will demonstrate how we used the Titanium Platform to correlate known IOCs to discover hidden threats from the Hidden Cobra APT group. You will learn how to find similar malware samples targeting your organization that aren’t covered by released IOC lists.

    In this webinar, we’ll discuss and demonstrate:

    - How to analyze files in milliseconds vs hours

    - How to feed high-quality intelligence into your defenses using our APIs

    - How to bring new visibility about file risks into your SOC process
  • Securing the SDLC: How to Mine for Malicious Ruby Gems Recorded: Nov 5 2020 56 mins
    Chuck McWhirter, Sr. Sales Engineer at ReversingLabs; Chris Hoff, Product & Solutions Marketing Manager at ReversingLabs
    Typosquatting in software repositories is still an effective way to spread malware. The ReversingLabs threat research team recently found over 760 malicious Ruby packages in the RubyGems package manager that are successfully infecting software source code allowing commercial applications to be shipped with malware.

    Watch our "How To" webinar where we will discuss:

    - The implications of this attack on the software development lifecycle;

    - The risks to end users;

    - And how to build security into your process.
  • Applying YARA to Uncover Hidden Phishing Threats Recorded: Nov 3 2020 40 mins
    Robert Simmons, Independent Malware Researcher & Threat Researcher at ReversingLabs; Steve Garrett, Director of Customer Succ
    Phishing continues to be a primary attack vector, preying on unsuspecting yet targeted end users who unintentionally infect their systems. Often these attacks introduce new or updated malware which can go undetected for months. To exacerbate the security challenge, EDR systems often don’t retain histories of the binaries executed on local endpoints. So organizations are faced with a dilemma: how do I uncover phishing payloads across my endpoints months after their IOCs become known?

    In this webinar, we’ll discuss:

    ● How to leverage an Email AbuseBox or “local repository” for suspicious Phishing attachments, and have this available for retro-hunting

    ● How to create a custom YARA rule to search for a particular byte sequence indicative of new IOCs

    ● How to apply these YARA rules across local repositories

    ● How to automate the retro-hunting process and alert on detections for action.
  • How Dangerous File Uploads Disrupt Critical Business Web & Mobile Apps Recorded: Oct 28 2020 63 mins
    Chip Epps, Director of Solutions & Product Marketing, ReversingLabs; Brian Soldato, Director, Field Engineering, ReversingLab
    Digital transformation, accelerated by COVID-19, is fueling expansion in rich new functionality for web and mobile applications. New digital processes rely on the creation, transfer, and sharing of rich content as files or binary objects that embody all the components needed to deliver the right experience to the recipient. A massive new problem is that applications now need to support thousands of different file formats that define the specific structures necessary to render that experience, even when they are simply classified as documents, archives, images or multimedia. Unfortunately these same files can be leveraged by attackers who insert malware into these objects, which often goes undetected by traditional security. In this session, we'll discuss:

    • How complex file structures are defined, and how high-risk document, multimedia, and archive formats are commonly exploited within businesses today
    • How new digital business processes such as web and mobile app file uploads can unknowingly deliver infected files into your organization
    • How you can leverage file analysis technologies within your new digital platforms to securely enable your digital business, and
    • How these technologies can be applied to detect destructive objects and accelerate your response actions without impacting the business.
Explainable Threat Intelligence
ReversingLabs is the leading provider of explainable threat intelligence solutions that shed the necessary light on complex file-based threats for enterprises stretched for time and expertise. Its hybrid-cloud Titanium Platform enables digital business resiliency, protects against new modern architecture exposures, and automates manual SOC processes with a transparency that arms junior analysts to confidently take action.
