Finding the Signal in the Noise - Quantifying Advanced Malware

Explore advanced malware analysis techniques in this 44-minute conference talk from DerbyCon 3.0. Delve into the process of finding valuable insights within large datasets of malware samples. Learn about the initial goals of the research, the importance of sample size, and the results obtained from day one analysis. Discover insights on signed binaries, Microsoft's role, APT wonders, and Android keys. Examine the PCKey issuer and discuss next steps for improving malware analysis, including better grouping methods and identifying active threats. Understand why Cuckoo Sandbox is not utilized in this approach. Gain valuable knowledge to enhance your ability to quantify and analyze advanced malware in the ever-evolving cybersecurity landscape.

Intro
You can find nuggets of gold
Our initial goals
Size does matter
Results
Day 1 Analysis
Signed binaries
Microsoft King
APT Wonders
Android Keys
PC
Key
issuer
next steps
better grouping
who is active
why we dont use Cuckoo