Doorkeeper

Becks Japan Reverse Engineering Edition

Fri, 17 Sep 2021 19:00 - 20:30 JST
Online Link visible to participants

Description

Online Becks Japan meetup features reverse engineering.

  • Notes:
    • This event will be hosted on Zoom Webinar.
    • All the talks will be spoken in Japanese.

Talks

  1. Anatomy of Android Packer ​using Native Library (by 中島将太 / サイバーディフェンス研究所)
  2. Hunting method of undiscovered variants: Case of LODEINFO (by 石丸傑 / Kaspersky)

Schedule

  • 18:30 - 19:00: Open the webinar
  • 19:00 - 19:50: Anatomy of Android Packer ​using Native Library
  • 19:50 - 20:00: (short break)
  • 20:00 - 20:30: Hunting method of undiscovered variants: Case of LODEINFO

Details

Anatomy of Android Packer ​using Native Library (by 中島将太 / サイバーディフェンス研究所)

Abstract:

本講演ではAndroidマルウェアで利用される技術を基礎から解説する。特にNative Library​を利用したパッカーの実装方法とGhidraを使った解析について深く掘り下げる。最後に実際の攻撃で使われるAndroidパッカーの実装を例示しながら解説する。

Profile:

株式会社サイバーディフェンス研究所でマルウェア解析、インシデントレスポンス業務、脅威情報の収集・分析業務に従事。加えて、有志のサイバーセキュリティリサーチチームnao_secでマルウェアを解析している。また、技術系同人サークルAllsafeのプロデューサー。JSAC、HITCON CMT、AVAR、CPRCon、Black Hat EUROPE Arsenal、CodeBlue BlueBoxなどで発表経験あり。

Language:

Japanese

Duration:

40m + QA

Hunting method of undiscovered variants: Case of LODEINFO (by 石丸傑 / Kaspersky)

Abstract:

According to JPCERT/CCs’ blog post[1][2][3] and Macnica Networks’ presentation in VB2020 localhost[4], LODEINFO is a unique fileless backdoor targeting Japanese organizations. This talk focuses on the analysis of LODEINFO malware, revealing its details and some characteristics.This presentation also mentions how to generate Yara rules in helping incident response and malware hunting.

Profile:

In 2008, he joined Kaspersky as a researcher based in Japan. He is now a member of the Global Research and Analysis Team (GReAT) APAC, focused on research of Advanced Persistent Threats (APT) and recent cyber threats in the APAC region.

Language:

Japanese

Duration

30m + QA

About this community

Becks

Becks

Beer and Hacks A community of hackers, security researchers, and anyone interested in security. (almost) Monthly meetups in Tokyo featuring top security researchers, practitioners, and beers from ...

Join community