13 episodes

Welcome to Blue Team Diaries - the podcast that celebrates and honors the professionals who work tirelessly to defend their organizations and those who build tools to support defenders. In each episode, host Peter Manev invites his guests to share their stories and experiences in a fun and lighthearted conversation. Blue Team Diaries is sponsored by Stamus Network, a global provider of network-based threat detection and response solutions. Learn more at www.Stamus-Networks.com.

Blue Team Diaries by Stamus Networks

    • Technology

    Blue Team Diaries E012: Danny Quist

    Join us as we explore the shadowy world of malware analysis in this episode featuring Danny Quist, a seasoned security researcher. Together with host Peter Manev, he pulls back the curtain on the complex yet critical process of reverse engineering malicious code.
    Danny highlights the challenges malware analysts face, particularly when encountering new or custom threats, and describes how analysts exploit the tendency of malware authors to reuse code from previous projects, turning a predictable habit into a valuable clue. Danny also explains that while larger malware samples often contain pre-written libraries, which makes them initially easier to dissect, it is the smaller, more sophisticated malware written in languages like Go that can present a new challenge. The conversation concludes by delving into the motivations driving malware attacks.
    Whether you're a cybersecurity professional or simply curious about the digital threats lurking online, this interview with Danny Quist offers a fascinating glimpse into the world of malware analysis. 


    Key Takeaways:
    • Reverse engineering challenges: Malware analysis is complex, especially for new or custom malware. However, reverse engineers can exploit the fact that malware authors often reuse code from previous projects or libraries.
    • Finding the right tool: The best tool for reverse engineering depends on the situation. Danny discusses using Binary Ninja, IDA Pro, and Ghidra, each with its pros and cons.
    • Process for analyzing new malware: When encountering new malware, analysts need to separate the existing code (e.g., libraries) from the new code written by the malware author. This helps focus the analysis effort.
    • Difficulties of different malware types: Large malware is easier to analyze because it often contains pre-written libraries. Smaller malware written in complex languages (e.g., Go) can be trickier.
    • Challenges of catching malware actors: While finding and catching malware actors is difficult, it is not impossible. They make mistakes, and security researchers can use various techniques to track them down.
    • Motivations of malware actors: Malware actors can be financially motivated or have other goals. Some target specific entities, while others deploy ransomware and spam malware more broadly.

    Biography
    Danny Quist is the CTO of Unit129, Inc., a security startup. Previously he has worked at Redacted, Bechtel, MIT Lincoln Laboratory, and Los Alamos National Laboratory as an incident responder, reverse engineer, and manager of security engineering. His primary interests are weird incident response problems, reverse engineering strange malware, and managing security and engineering teams. Danny holds a Ph.D. in Computer Science from New Mexico Tech. He has previously spoken at Blackhat, Defcon, RSA, ShmooCon, and CactusCon.
    LinkedIn: https://www.linkedin.com/in/dannyquist

    • 38 min
    Blue Team Diaries E011: Josh Stroschein

    Welcome to episode 11 of the Blue Team Diaries! In this episode, our host Peter Manev engages in a conversation with Dr. Josh Stroschein, Reverse Engineer @ FLARE with Google, as they delve into the world of malware analysis.
    In this episode, you’ll learn:
    • Essential environments: Explore popular options like REMnux and FLARE VM to set up your secure analysis workspace.
    • Powerful tools: Discover the functionality of olefile, oledump, and CyberChef, used to dissect and decode suspicious files.
    • Valuable resources: Gain access to helpful materials like Josh's GitHub repository and curated malware sample libraries.

    The world of malware analysis can be daunting, but with the right guidance and tools, you can start chipping away at the mystery behind malicious files. Listen to this episode, because Dr. Josh Stroschein will equip you with the foundational knowledge to become a threat-hunting hero.

    About Josh Stroschein

    Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer at Google (Chronicle), where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at places such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is also an author on Pluralsight, where he publishes content around malware analysis, reverse engineering, and other security related topics.

    Where to find Josh Stroschein?
    The Cyber Yeti - https://www.thecyberyeti.com
    LinkedIn - https://www.linkedin.com/in/joshstroschein

    • 39 min
    Blue Team Diaries E010: Michael DiLalla

    Welcome to episode 10 of the Blue Team Diaries! In this episode, our host Peter Manev engages in a conversation with Michael DiLalla from Penfield Central School District, providing an insider’s perspective on the dynamic world of cybersecurity within the public education sector.

    Throughout the episode, Peter and Michael delve into various facets of cybersecurity, exploring Michael’s current work project, recounting a hair-raising encounter with ransomware, and dissecting the unique challenges of safeguarding a school system. Michael also emphasizes the importance of logs and scripting and shares practical advice for aspiring cybersecurity professionals. 

    Michael’s passion for his work and dedication to keeping children safe are evident and this month’s podcast underscores the fulfilling reward that comes with protecting educational institutions.

    • 24 min
    Episode 009 - Xavier Ashe

    While the main goal for any security team is avoiding a breach, having a comprehensive preparedness plan for when an attack occurs is equally, if not more, crucial.  This month, our host Peter Manev is joined by Xavier Ashe, senior vice president of Truist’s Cyber Defense Division. 

    During the episode Xavier shares fascinating stories from the front lines of the cybersecurity industry and explains the importance of organizations being ready and able to quickly pivot and recover from adverse cyber events. Will your plan stand up to the test? 

    Xavier also sheds light on the competitive nature of the cyber industry, especially for newcomers, and why aspiring enthusiasts should embrace the challenges and focus on understanding how the internet and security function. 

    Tune in this month for a riveting discussion that unveils the necessity of being cyber resilient and offers invaluable insights for industry newcomers.

    • 40 min
    Episode 008 - Yorkvik Jacqmin

    In the ever-evolving world of cybersecurity, staying one step ahead of malicious actors is critical. What used to be an effective security strategy five years ago may now leave you vulnerable to emerging threats. To safeguard sensitive data and assets, continuous innovation and adaptability are essential. 

    In this month’s Blue Team Diaries episode, host Peter Manev engages in a thought-provoking discussion with guest Yorkvik Jacqmin, a senior SOC analyst at the European Commission. 

    Yorkvik shares some captivating stories from the cybersecurity frontlines and explains the development of a new detection rule framework, how it differs from SIGMA, and the impact it has on the threat detection process.

    • 29 min
    Episode 007 - Ryan Irving

    Embarking on a career in cybersecurity can be a daunting task for those entering the classroom to learn about the field's ever-evolving challenges. In our newest podcast, we explore the indispensable role of mentors in guiding and shaping the careers of cyber newcomers. 

    Ryan Irving, a seasoned cyber professional serving as Security Operations Center Manager, leads a student-operated Security Operations Center (SOC) as part of a degree program at the University of South Florida. The program integrates academia with real-world application and gives students an opportunity to develop the attributes that contribute to their success as defenders. 

    Join us for this month’s podcast, “Paving the Path for Cybersecurity Students,” as we discuss the essence of mentorship and explore the ever-evolving field of cybersecurity.

    Find him here:
    Linkedin: http://linkedin.com/in/ryan-i-63581229 
    Twitter: https://twitter.com/rirving77 
    Cyber Florida, University of South Florida: https://cyberflorida.org/ 

    • 22 min
