Hello, welcome to the Monday, January 11th, 2021 edition of the Sand Center Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Reverse engineering Malva is, of course, often shrouded under this mystery of reverse analysis of machine code and the like, and probably our reverse

analysis of malware and our intrusion detection classes are sort of our truly technical

defensive classes. But we do have a nice set of diaries by DDA from this weekend about demystifying this process

somewhat and coming up with simpler methods to figure out what Malver may potentially be doing.

By quickly, well, looking for interesting strings.

And DDA, of course, has a tool to make this easier.

His strengths dot p.Y tool, so he's running through a couple use cases there.

And before you say, hey, you know, there's possible of false positives, false negatives here, all true.

But personally, I find these methods really helpful for initial

triage of Malver. Before I figure out that a Malver is actually worth the hours of reversing,

because honestly, 99% of the Malver that you'll see are just small variations of malvern that you probably have looked at

before. And often I'm talking about research projects that are being presented. Like, for example,

Friday we had another science study student, but also research papers and such being published

by other universities.

But for a change, I have actually a paper where they are still waiting for input.

And I think the topic is really interesting and important.

So I would like to give them a little bit more exposure here.

It's not an easy survey to fill out.

And well, doing good surveys is actually quite difficult.

In this particular case, they're trying to figure out how reliable is the CVSS score.

...