[Security Masterminds] Breaking It Down to Bits & Bytes: Analyzing Malware To Understand the Cybercriminal



In our latest episode of Security Masterminds, we have the pleasure of interviewing Roger Grimes, Data-Driven Defense Evangelist for KnowBe4, who has held various roles throughout his career. In the episode, Roger discusses his early days of malware disassembly, the trials and tribulations of public speaking, and his magnum opus, his book about data-driven defense. Roger has a unique background that includes a degree in accounting, a CPA, being a paramedic, skydiving and base jumping, and most importantly, being an early pioneer in the computer security industry. As one of the experts in the field, Roger has been in the industry since the early days of malware. We will delve into the journey and experience that have helped him grow as a person, a cybersecurity specialist, and a leader.


About Roger Grimes

Roger Grimes is the Data-Driven Defense Evangelist for KnowBe4 and a cybersecurity expert with decades of experience in the industry. He has held various roles throughout his career, from certified public accountant and VP of IT to Principal Security Architect at Microsoft. Now, his primary focus is on protecting organizations from social engineering attacks. With his books and speaking engagements, he strives to help organizations implement a data-driven cybersecurity defense to protect their infrastructure and respond to threats quickly and accurately.

Why Is Malware Disassembly Necessary?

Early in his career, Roger learned how to disassemble malware that was just being discovered in the digital world. At the time, there were only four pieces of malware, and some computer experts believed that malware or viruses were a myth. Malware analysis is a vital aspect of cybersecurity because it allows security experts to understand how malicious software works, which helps them better protect their networks from attacks. By disassembling the code, security experts can determine what the malicious code does, the type of attack it is designed to execute, and any hidden backdoors it installs or software vulnerabilities it exploits.

Understanding malware allows experts to create tools and techniques to detect and prevent similar malicious activities in the future. Beyond protecting networks, disassembling malware can also support attribution, that is, determining an attacker's identity. By tracing the malicious code back to its creator, security experts gain insight into the attacker's techniques and motivations, which helps them develop better countermeasures. Disassembly also yields signatures that detect similar malware in the future, allowing security experts to identify and respond to threats quickly, before they can do any damage.
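To illustrate the signature point above, here is an added example (not code from the post or from KnowBe4): disassembly tells the analyst which bytes of a code fragment are opcodes and which are variable operands, so a signature can wildcard the operands and still match a recompiled variant that an exact byte match would miss. The x86 fragments, the instruction layout and the variant are all constructed for the example.

```python
# Added example: build a wildcard byte signature from a disassembled fragment.
# Constructed "known sample" (x86, listing derived by hand for the example):
#   mov eax, 0x12345678   ; B8 78 56 34 12
#   xor eax, 0xDEADBEEF   ; 35 EF BE AD DE
#   push eax              ; 50
#   ret                   ; C3
KNOWN_SAMPLE = bytes.fromhex("B878563412" "35EFBEADDE" "50" "C3")

# Constructed variant: same instructions, different immediate values.
VARIANT = bytes.fromhex("B811223344" "3555667788" "50" "C3")

# Constructed unrelated code (a typical function prologue/epilogue).
BENIGN = bytes.fromhex("5589E583EC10C9C3")

# Per-instruction layout recovered from disassembly: (opcode bytes, operand bytes).
LAYOUT = [(1, 4), (1, 4), (1, 0), (1, 0)]


def build_signature(sample, layout):
    """Return a list of bytes where operand positions are None (wildcards)."""
    sig, pos = [], 0
    for op_len, imm_len in layout:
        sig.extend(sample[pos:pos + op_len])   # keep opcode bytes literally
        sig.extend([None] * imm_len)           # wildcard the operand bytes
        pos += op_len + imm_len
    return sig


def matches(data, sig):
    """True if the signature matches at any offset of data."""
    n = len(sig)
    return any(
        all(s is None or data[i + j] == s for j, s in enumerate(sig))
        for i in range(len(data) - n + 1)
    )


def to_hex_pattern(sig):
    """Render the signature in the '??' wildcard notation used by YARA-style rules."""
    return " ".join("??" if b is None else f"{b:02X}" for b in sig)


if __name__ == "__main__":
    wildcard_sig = build_signature(KNOWN_SAMPLE, LAYOUT)
    exact_sig = build_signature(KNOWN_SAMPLE, [(len(KNOWN_SAMPLE), 0)])
    print("pattern:", to_hex_pattern(wildcard_sig))
    print("exact matches variant:", matches(VARIANT, exact_sig))
    print("wildcard matches variant:", matches(VARIANT, wildcard_sig))
```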

A Deeper Dive Into Malware Analysis

When considering the need to disassemble malware, a few tools that may be helpful include:

  • A disassembler: Converts machine code into assembly language. Popular tools include IDA Pro and Ghidra.
  • A debugger: Steps through the assembly code and examines memory and register values. Popular tools include OllyDbg and WinDbg.
  • A hex editor: Views and edits the raw binary data of the malware. Popular tools include HxD and WinHex.
  • A virtual machine or an emulator: Runs the malware in a controlled environment to observe its behavior. Popular tools include VMware, VirtualBox and QEMU.

Additional tools that assist in the analysis include network sniffers, process explorers and memory dump utilities. These let the expert observe the malware's actions and its interactions with the system.

In short, malware disassembly is an essential technique for understanding and mitigating the threat of malware. By reverse engineering malware and understanding its inner workings, cybersecurity experts can develop more effective defenses and minimize the impact of attacks. However, organizations and individuals should be aware of the risks that come with handling live malware and take steps to minimize them, such as only running samples in an isolated, controlled environment.

Listen to the New Episode Now!

Don’t like to click on redirected URLs? Cut & paste this link into your browser: https://www.buzzsprout.com/1892704/12038747



