Sign up to save your podcasts
Or
Share Blue Team Diaries E012: Danny Quist
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Blue Team Diaries E012: Danny Quist
Join us as we explore the shadowy world of malware analysis with this episode featuring Danny Quist, a seasoned security researcher, and host Peter Manev pulls back the curtain on the complex, yet critical, process of reverse engineering malicious code.
Danny highlights the challenges malware analysts face, particularly when encountering new or custom threats, and describes how they exploit the tendency of malware authors to reuse code from previous projects, turning their predictable habit into a valuable clue. Danny also explains that while larger malware samples might contain pre-written libraries, making them initially easier to dissect; it’s the smaller, more sophisticated malware written in languages like Go that can present a new challenge. The conversation concludes by delving into the motivations driving malware attacks.
Whether you're a cybersecurity professional or simply curious about the digital threats lurking online, this interview with Danny Quist offers a fascinating glimpse into the world of malware analysis.
Key Takeaways:
- Reverse engineering challenges: Malware analysis is complex, especially for new or custom malware. However, reverse engineers can exploit the fact that malware authors often reuse code from previous projects or libraries.
- Finding the right tool: The best tool for reverse engineering depends on the situation. Danny discusses using Binary Ninja, IDA Pro, and Ghidra, each with its pros and cons.
- Process for analyzing new malware: When encountering new malware, analysts need to identify the existing code (e.g., libraries) and the new code written by the malware author. This helps focus the analysis effort.
- Difficulties of different malware types: Large malware is easier to analyze because it often contains pre-written libraries. Smaller malware written in complex languages (e.g., Go) can be trickier.
- Challenges of catching malware actors: While finding and catching malware actors is difficult, it's not impossible. They make mistakes, and security researchers can use various techniques to track them down.
- Motivations of malware actors: Malware actors can be financially motivated or have other goals. Some target specific entities, while others deploy ransomware and spam malware more broadly.
Biography
Danny Quist is the CTO of Unit129, Inc., a security startup. Previously he has worked at Redacted, Bechtel, MIT Lincoln Laboratory, and Los Alamos National Laboratory as an incident responder, reverse engineer, and manager of security engineering. His primary interests are weird incident response problems, reverse engineering strange malware, and managing security and engineering teams. Danny holds a Ph.D. in Computer Science from New Mexico Tech. He has previously spoken at Blackhat, Defcon, RSA, ShmooCon, and CactusCon.
LinkedIn: https://www.linkedin.com/in/dannyquist
View all episodes
By by Stamus NetworksJoin us as we explore the shadowy world of malware analysis with this episode featuring Danny Quist, a seasoned security researcher, and host Peter Manev pulls back the curtain on the complex, yet critical, process of reverse engineering malicious code.
Danny highlights the challenges malware analysts face, particularly when encountering new or custom threats, and describes how they exploit the tendency of malware authors to reuse code from previous projects, turning their predictable habit into a valuable clue. Danny also explains that while larger malware samples might contain pre-written libraries, making them initially easier to dissect; it’s the smaller, more sophisticated malware written in languages like Go that can present a new challenge. The conversation concludes by delving into the motivations driving malware attacks.
Whether you're a cybersecurity professional or simply curious about the digital threats lurking online, this interview with Danny Quist offers a fascinating glimpse into the world of malware analysis.
Key Takeaways:
- Reverse engineering challenges: Malware analysis is complex, especially for new or custom malware. However, reverse engineers can exploit the fact that malware authors often reuse code from previous projects or libraries.
- Finding the right tool: The best tool for reverse engineering depends on the situation. Danny discusses using Binary Ninja, IDA Pro, and Ghidra, each with its pros and cons.
- Process for analyzing new malware: When encountering new malware, analysts need to identify the existing code (e.g., libraries) and the new code written by the malware author. This helps focus the analysis effort.
- Difficulties of different malware types: Large malware is easier to analyze because it often contains pre-written libraries. Smaller malware written in complex languages (e.g., Go) can be trickier.
- Challenges of catching malware actors: While finding and catching malware actors is difficult, it's not impossible. They make mistakes, and security researchers can use various techniques to track them down.
- Motivations of malware actors: Malware actors can be financially motivated or have other goals. Some target specific entities, while others deploy ransomware and spam malware more broadly.
Biography
Danny Quist is the CTO of Unit129, Inc., a security startup. Previously he has worked at Redacted, Bechtel, MIT Lincoln Laboratory, and Los Alamos National Laboratory as an incident responder, reverse engineer, and manager of security engineering. His primary interests are weird incident response problems, reverse engineering strange malware, and managing security and engineering teams. Danny holds a Ph.D. in Computer Science from New Mexico Tech. He has previously spoken at Blackhat, Defcon, RSA, ShmooCon, and CactusCon.
LinkedIn: https://www.linkedin.com/in/dannyquist