LOBO: Scalable Covert Malware Analysis presented at Breakpoint 2013

by Danny Quist

Summary: Dynamic malware analysis is a well-rounded field that suffers from known problems: analysis is slow, detectable, and expensive, and it fails to relate back to manual reverse engineering techniques. This talk introduces the Lobotomizer (Lobo for short), a modernized, scalable, hypervisor-based analysis system for large-scale, high-speed analysis of malicious executables. We implement modifications to the Linux Kernel Virtual Machine (KVM) to provide host-based introspection. From there we feed the results into visualization systems, IDA Pro, and other analysis tools. Lobo has a full API-based monitoring system, along with client libraries for integration into existing projects.

Danny Quist: Danny Quist is the CEO and founder of Offensive Computing, LLC. His research is in automated analysis methods for malware with software and hardware assisted techniques. He has written several defensive systems to mitigate virus attacks on networks and developed a generic network quarantine technology. He consults with both private and public sectors on system and network security. His interests include malware defense, reverse engineering, exploitation methods, virtual machines, and automatic classification systems. Danny holds a Ph.D. from the New Mexico Institute of Mining and Technology.