Using Ancient Math to Speed Up Security Assessments of Windows Executables

Discover how to significantly accelerate security assessments of Windows executables in this 31-minute conference talk from BSidesSF 2018. Learn about applying Euclidean Distance and Bayes Theorem to static metadata from Windows programs, enabling rapid triage of multiple executables within seconds. Explore the development of a tool designed to identify high-priority targets for reverse engineering, dramatically reducing the time traditionally spent on initial assessments. Gain insights into practical applications of this approach, including anonymized success stories and lessons learned from its evolution. Understand how individuals with limited resources can adapt this methodology to various areas of security analysis, enhancing efficiency in highly regulated environments under time constraints.

BSidesSF 2018 - Using Math to Speed Up Security Assessments of Windows Executables (Cole Thompson)