Please Join Us for
Black Hat, DEFCON Speaker
Sponsored by UAH Center for Cybersecurity Research and Education
3:00 – 5:00, October 26, 2023
UAH Chan Theater
Hors d'oeuvre Served
RSVP: email@example.com by October 17, 2023
In early 2022, Ukrainian companies were struck by multiple destructive wipers, attacking various companies in several sectors. This raised questions about the usage and impact of “digital weapons” within the security community, even though wipers themselves weren’t new. The infamous Shamoon wiper dates back more than a decade ago. How comes that wipers were as effective a decade ago, as they are in the present day? What has changed, and what remained the same? Based on the analysis of more than twenty recent wiper families, their trends, techniques, and overlap with other wipers will be discussed. Reusing code and techniques may link several wipers to the same actor, although the mere presence of such a link often leads to a hasty conclusion. This briefing is not the generic run-of-the-mill comparison of malware families, as it includes technical aspects of the analysed wipers, thus focusing on both the high- and low-level aspects of the destructive software.
The analysis does not only focus on the wipers used against Ukrainian victims, but also more generic wipers that were found in the wild around the same time. The parallels and differences between the targeted and generic wipers provide several interesting insights for the audience.
Throughout the conversation, there will be a focus on the analyst’s mindset, giving insight into my thoughts during the research. Including mistakes I made along the way, as well as assumptions that worked out better than I expected.
Max Kersten is a malware analyst, blogger, and speaker who aims to make malware analysis more approachable for those who are starting. In 2019, Max graduated cum laude with a bachelor's in IT & Cyber Security, during which Max also worked as an Android malware analyst. Currently, Max works as a malware analyst at Trellix, where he analyses APT malware and creates open-source tooling to aid such research. Over the past few years, Max has presented at international conferences, such as Black Hat (Arsenal) (USA, EU, MEA, Asia), DEFCON, Botconf, Confidence-Conference, HackYeahPL, and HackFestCA. Additionally, he has been a guest lecturer and has conducted workshops for several universities and private entities.