James Stephenson

Bio

James currently works for a private bank, doing everything from reversing malware, hunting for attackers, hacking his co-workers, bypassing commercial security products, and pretending he knows what he is doing. His background includes pentesting, red-teaming, electronic design, and convincing people that he actually did these things.

Talk: Teaching old malware new tricks, also, why are ATM hackers working with German malware authors to deliver North Korean nation state malware?

Signature based Antivirus solutions have developed numerous techniques to link malware strains, but these techniques still allow a large number of strains to slip through daily. This talk will show how these strains are often only modified in part, and most commonly just have modified crypters/loaders, with the base strain being identical. A tool will also be released that will allow taking the core parts of different strains and families, and mixing them together to create new malware strains. These strains can leverage the best parts of multiple different code bases, developed by different actors, and can easily be modified to use new crypters/loaders, to roll new strains in a matter of seconds.