Robert Simmons is an independent malware researcher. With an expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis at many of the top security conferences including DEFCON, HOPE, botconf, and DerbyCon among others. Robert also is a maintainer of plyara, a YARA rule parser written in pure python.
Robert, also known as Utkonos, has a background in biology, linguistics, and Russian area studies. He has lived extensively in Russia and Ukraine and has been known to swear profusely and constantly in Russian.
Comparing Malicious Files
A critical step taken during the malware analysis process is to attempt to determine the malware family a sample may belong to. Even if one cannot link a file to a family, one must at least try to find files that are similar and extrapolate information about the sample from comparison with these similar files. This talk reviews a variety of methods for comparing files from simple to complex.
Come see Robert at RVAsec! Register now.