Shooting Elephants presented at Syscan 2015

by Marion Marschalek,

Summary: As a malware reverse engineer, one writes the fanciest software documentation. A former malware author once told me that I write the papers his customers would have liked to see from him. At the same time, when seeing yet another report on the next big advanced super threat, my inner self kicks back and puts on half-moon specs. She sees the alleged malware authors laugh out loud about the details missed in the documentation they never wrote, their clients getting down to the books as their purchase loses massive value, and, the funniest part, the threat detection industry, frankly speaking, going wild.
Threat intelligence is a fresh business, and a rather hopeless one, if it were not for the marketing. Threats nowadays have logos; some even have animal names. Showing off strength is what a recently discovered APT (Advanced Persistent Threat, they say) does on blogs and in papers. But not only there, and not only for the marketing, is this kind of advanced threat a precious treasure. Knowing about a threat someone else cannot identify is worth money, and a lot of it, one might think when looking at the booming industry.
Finding malware is hard enough, though, so holding back information makes life a little more risky than it should be. Loosely following Bruce Schneier, malware full disclosure is the new pink; so I'll be shooting elephants at the threat intel industry, to see if subsequently a crouching monkey comes out of the woods.