Crystal City 2014

Crystal City, VA | Mon, Sep 8 - Sat, Sep 13, 2014

Reverse Engineering Mac Malware

  • Sarah Edwards
  • Thursday, September 11th, 8:15pm - 9:15pm

Dynamic malware reverse engineering helps forensic analysts and reverse engineers gather quick data points such as callout domains, file download URLs or IP addresses, and dropped or modified files. These methods have long been used on Windows malware... so why not Mac malware? This presentation introduces the audience to methods, tools, and resources to assist in reversing Mac binaries with a Mac. Topics include the Mach-O file format, virtualization, analysis VM setup, and various analysis tools (native and 3rd-party). This presentation is intended for those familiar with dynamic analysis (with a touch of static thrown in), or for those reverse engineering masters of the Windows executable who want an introductory idea of how to start analyzing Mac malware.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.

Monday, September 8

Session | Speaker | Time | Type
General Session - Welcome to SANS | Dr. Eric Cole | Monday, September 8th, 8:15am - 8:45am | Special Events
APT: It is Time to Act | Dr. Eric Cole | Monday, September 8th, 7:15pm - 9:15pm | Keynote

Tuesday, September 9

Session | Speaker | Time | Type
Continuous Ownage: Why you Need Continuous Monitoring | Seth Misenar | Tuesday, September 9th, 7:15pm - 8:15pm | SANS@Night
Digital Forensics - The Human Cost | Lee Whitfield | Tuesday, September 9th, 8:15pm - 9:15pm | SANS@Night

Wednesday, September 10

Session | Speaker | Time | Type
Weaponizing Digital Currency | G. Mark Hardy | Wednesday, September 10th, 7:15pm - 8:15pm | SANS@Night
Active Defense in Network Security | Robert M. Lee | Wednesday, September 10th, 8:15pm - 9:15pm | SANS@Night

Thursday, September 11

Session | Speaker | Time | Type
Automating Linux Memory Capture for Analysis | Hal Pomeranz | Thursday, September 11th, 7:15pm - 8:15pm | SANS@Night
Reverse Engineering Mac Malware | Sarah Edwards | Thursday, September 11th, 8:15pm - 9:15pm | SANS@Night

Friday, September 12

Session | Speaker | Time | Type
New School Forensics: Latest Tools and Techniques in Memory Analysis | Chad Tilbury | Friday, September 12th, 7:15pm - 8:15pm | SANS@Night