Stealth Secrets of the Malware Ninjas presented at BlackHatDC 2007

by Nick Harbour

Summary: It is important for the security professional to understand the techniques used by those they hope to defend against. This presentation focuses on the anti-forensic techniques which malware authors build directly into their malicious code, as opposed to relying solely on an external rootkit. In addition to describing a number of known but scarcely documented techniques, it will describe techniques which the presenter has never observed in the wild in the course of his incident response and malware reverse engineering work. The presentation contains a great deal of highly technical content, covering the specifics of the techniques down to the machine instruction level. For the security professional or enthusiast with a limited technical background in this area, it will serve as an eye-opening overview of malware anti-forensic techniques as well as a brief introduction to forensic analysis.
Also introduced in this presentation will be a new tool for identifying malicious executables, a toolkit for data hiding, manipulation and infection of executable files, and a new technique for manual process execution under Unix.