Abstract

With the rise in number of targeted attacks against government and private companies, there is a certain requirement for automated exploit analysis and filtering document file formats. There are large number of companies offering solutions and products claiming to be able to detect these kinds of threats (APTs). Our talk would be on the current drawbacks of these systems and how on how to perform intelligent analysis on a huge number of exploits. The aim of the talk would be to explain the intelligence that we have added on to our automation system using dynamic instrumentation and hybrid analysis, so that users could learn and utilize these techniques in detecting targeted attacks and automate exploit analysis. We have been working on an exploit analysis system, a free tool developed under Honeynet project. In my talk I would pass on to the users the various techniques I have learned from my past several months of adventures had with exploit analysis, that involves but not limited to exploit obfuscation, exploit reliability, automated analysis bypass, attribution, multi targeting and everything that makes targeted attacks scary.