Cisco Talos

Vitor Ventura

Android Malware Analysis: From triage to RE

Android malware is packing anti-analysis and anti-debug techniques. This workshop will provide the attendees with the knowledge to apply and adapt techniques aimed at bypassing such protections.

The workshop has a total of 4 live demos, one for each topic. Additionally, the attendees will be provided with a set of exercises to perform the same techniques on different samples. Solutions will be provided at the end of the workshop.

This is a fully hands-on workshop designed to provide the attendees with the knowledge to bypass the most common techniques used by malware to prevent analysis. During the workshop no automated tools will be used for analysis. The objective is for the attendees to understand how they can use techniques like instrumentation and patching to help them analyze and bypass malware defenses when the automated tools fail, while using only free and open-source tools.

Vitor Ventura is a Cisco Talos security researcher and manager of the EMEA and Asia Outreach team. As a researcher, he has investigated and published various articles on emerging threats. Vitor has been a speaker at conferences such as VirusBulletin, NorthSec, and Defcon’s Crypto and Privacy Village, among others. Prior to that, he was IBM X-Force IRIS European manager, where he was the lead responder for several high-profile organizations affected by the WannaCry and NotPetya infections. Before that, he did penetration testing at IBM X-Force Red, leading projects like Connected Car assessments, ICS security assessments, and custom mobile devices. Vitor holds a BSc in Computer Science and multiple security-related certifications like GREM and CISM.