Malware Reverse Engineering Workshop 2014

MRE2014 was held on August 25th and was a great success. We thank our presenters and attendees, with special thanks to our sponsor PhishLabs.

Following the success of the 2013 Malware Reverse Engineering workshop, we are holding the 2014 event this August in Melbourne. We are pleased to announce that the Malware Reverse Engineering Workshop (MRE) is open for registration. This workshop aims to share technical advances in the field of malware analysis, including static analysis, behavioural analysis and recent findings in malware internals.

This year's event is sponsored by PhishLabs, a fast-growing company that provides cybercrime protection and intelligence services. Their clients include many of the most targeted businesses in the world, including 4 of the top 5 US financial institutions, and several banks in Australia and New Zealand.

2014's event was hosted by the Internet Commerce Security Laboratory at Federation University Australia and held on August 25th, 2014, in Melbourne. The venue was the Royal Society of Victoria (8 La Trobe Street, Melbourne). The agenda is available here.

International Keynote: Pete Szabo

Senior Malware Researcher, Sophos Canada

A study of Malware's anti-analysis and anti-detection techniques

Pete will be talking about techniques malware authors use to make analysis and detection difficult using otherwise normal components. Real-world examples include banking malware and the reverse engineering of a POS scraper.

Invited Speakers

  • Jon Oliver, Trend Micro: "Malicious Viral Campaigns"
  • Paul Black, PhishLabs: "Software similarity in banking malware"
  • Silvio Cesare, Qualys: "Malware analysis automation"
  • Dan Xu, Internet Commerce Security Laboratory: "What's in My Mobile Malware Analysis Toolbox"
  • Sean Park, Kaspersky: "APT Penetration Testing Framework"
  • Ian Welch, Victoria University of Wellington: "Empirical Analysis of the Impact of HTTP Referer upon Malicious Website Behaviour and Delivery"
  • Robert Layton, Internet Commerce Security Laboratory: "Determining the provenance of binaries"

Topics include reverse engineering, behavioural analysis and attribution of malware, with talks focused on practice and implementations. Industry representatives from the financial sector, government agencies, security industry and academia are invited to attend.

Organising Committee

Robert Layton, Research Fellow, Internet Commerce Security Laboratory, Federation University Australia.
Paul Black, Senior Threat Researcher, PhishLabs.
With thanks to Helen Wade, Administration Support Officer, Federation University Australia.

Registration

Registrations will cost $100, with a $50 discounted option for students (both undergraduate and postgraduate).

Registrations can be done through EventBrite at this page.

Alternatively, to register, please download this form, fill it out, sign it and send it to finance.cashier@federation.edu.au
For security purposes, you can optionally encrypt the file with the following key and send it to Robert Layton <r.layton@federation.edu.au>, who will decrypt it and deliver it to Finance.

Student ticket grant

We are also providing 5 tickets free of charge to eligible students. To apply for one, please send a paragraph of less than 250 words to r.layton@icsl.com.au outlining:

  • Your current project
  • Your previous achievements in malware reverse engineering or related fields
  • Your future goals

Tickets will be allocated to the top five entries, which will be ranked according to (1) quality of written proposal, and (2) relevance to malware reverse engineering. Please speak with your supervisor before submitting, as you may need to consider Intellectual Property issues before talking about your future goals.
