Gary Golomb (Principal Security Researcher at NetWitness)

Network-based detection of PE structural anomalies and linker characteristics

Most current anti-virus products fail because runtime analysis of binaries on the host is defeated by injection, hooking, and other subversion techniques, and static analysis on the host is hampered because the static traits of packed and obfuscated malware too closely match those of legitimate binaries. Structural analysis of binaries, and assessment of the PE linker characteristics of those binaries as they cross the network, is proving to be a very effective method of identifying new malware in near real time. This session demonstrates effective techniques for near-real-time, network-based detection of PE structural anomalies and linker characteristics, resulting in higher detection rates for advanced threats and zero-day malware.
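To make the idea concrete, the following Python script is an added example, not code from the talk or from NetWitness: it parses only the leading bytes of a PE image (the DOS header pointer, COFF header, a few optional-header fields and the section table, which is all a network sensor has seen early in a transfer) and emits tags for classic structural anomalies: a zeroed linker version, an entry point outside any section or inside a writable or non-executable one, sections that are empty on disk but large in memory, write+execute sections, and unusual section names. The particular heuristics, their tag names and the list of "common" section names are this example's own choices, and the two sample images are constructed in memory by build_pe() rather than taken from real binaries.

```python
"""Structural triage of a PE header prefix, the kind of check a network sensor
can run on the first few kilobytes of a transferred executable. The sample
images built by build_pe() below are synthetic test data, not real binaries."""
import struct

# IMAGE_SECTION_HEADER Characteristics bits from the PE/COFF specification.
SCN_CODE, SCN_MEM_EXECUTE = 0x00000020, 0x20000000
SCN_MEM_READ, SCN_MEM_WRITE = 0x40000000, 0x80000000
# Names mainstream toolchains usually emit (an assumption of this example).
COMMON_SECTION_NAMES = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc",
                        ".reloc", ".bss", ".tls", ".pdata", ".xdata", ".CRT"}


def parse_pe_headers(data):
    """Parse e_lfanew, the COFF header, the optional-header fields we need and
    the section table; ValueError means "not a PE" or "prefix too short"."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    _machine, nsects, _ts, _sym, _nsym, opt_size, _flags = \
        struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)       # COFF file header
    opt = e_lfanew + 24                                         # optional header
    if opt + 20 > len(data):
        raise ValueError("optional header truncated")
    magic, maj, minor = struct.unpack_from("<HBB", data, opt)   # Magic, Major/MinorLinkerVersion
    (entry_point,) = struct.unpack_from("<I", data, opt + 16)   # AddressOfEntryPoint
    sections = []
    for i in range(nsects):
        off = opt + opt_size + 40 * i
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        name, vsize, vaddr, rsize, _p, _r, _l, _nr, _nl, chars = \
            struct.unpack_from("<8sIIIIIIHHI", data, off)       # IMAGE_SECTION_HEADER
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "rsize": rsize, "chars": chars})
    return {"magic": magic, "linker": (maj, minor), "entry_point": entry_point,
            "sections": sections}


def find_anomalies(data):
    """Return anomaly tags for a PE prefix. Each is a classic, individually weak
    structural heuristic; several firing together is a strong packer signal."""
    try:
        hdr = parse_pe_headers(data)
    except ValueError as exc:
        return ["not-parseable: " + str(exc)]
    out = []
    if hdr["magic"] not in (0x10B, 0x20B):                      # PE32 / PE32+
        out.append("bad-optional-magic")
    if hdr["linker"] == (0, 0):                                 # real linkers stamp a version
        out.append("linker-version-zero")
    ep, secs = hdr["entry_point"], hdr["sections"]
    ep_sec = next((s for s in secs
                   if s["vaddr"] <= ep < s["vaddr"] + max(s["vsize"], s["rsize"])), None)
    if ep_sec is None:
        out.append("entry-point-outside-sections")
    else:
        if not ep_sec["chars"] & SCN_MEM_EXECUTE:
            out.append("entry-point-in-non-executable-section")
        if ep_sec["chars"] & SCN_MEM_WRITE:                     # stubs write over themselves
            out.append("entry-point-in-writable-section")
        if len(secs) > 1 and ep_sec is secs[-1]:                # stub appended as last section
            out.append("entry-point-in-last-section")
    for s in secs:
        if s["rsize"] == 0 and s["vsize"] > 0:                  # empty on disk, filled at run time
            out.append(f"section-{s['name']}-virtual-only")
        if s["chars"] & SCN_MEM_WRITE and s["chars"] & SCN_MEM_EXECUTE:
            out.append(f"section-{s['name']}-write-execute")
        if s["name"] not in COMMON_SECTION_NAMES:
            out.append(f"section-{s['name']}-unusual-name")
    return out


def build_pe(linker, entry_point, sections):
    """Build a headers-only PE32 image (constructed test data); sections is a
    list of (name, vaddr, vsize, rsize, characteristics)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)                                       # PE32 optional header size
    struct.pack_into("<HBB", opt, 0, 0x10B, *linker)
    struct.pack_into("<I", opt, 16, entry_point)
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)             # Section/FileAlignment
    table, raw_ptr = b"", 0x400
    for name, vaddr, vsize, rsize, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, vaddr, rsize,
                             raw_ptr if rsize else 0, 0, 0, 0, 0, chars)
        raw_ptr += rsize
    return dos + b"PE\0\0" + coff + bytes(opt) + table


# Conventional layout: linker 14.0, code in .text, entry point inside it.
CLEAN = build_pe((14, 0), 0x1010, [
    (".text", 0x1000, 0x800, 0x800, SCN_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ),
    (".data", 0x2000, 0x200, 0x200, SCN_MEM_READ | SCN_MEM_WRITE)])
# Packer-style layout (loosely modelled on UPX's section scheme, with the linker
# version zeroed): an empty RWX section the stub unpacks into, entry point in
# the writable last section.
PACKED = build_pe((0, 0), 0x9040, [
    ("UPX0", 0x1000, 0x8000, 0x000, SCN_MEM_READ | SCN_MEM_WRITE | SCN_MEM_EXECUTE),
    ("UPX1", 0x9000, 0x1000, 0x1000, SCN_MEM_READ | SCN_MEM_WRITE | SCN_MEM_EXECUTE)])

if __name__ == "__main__":
    print(find_anomalies(CLEAN), find_anomalies(PACKED), find_anomalies(PACKED[:0x100]))
```

Because every check reads only the headers, the same function works on a partial capture: a prefix cut before the section table comes back as a single "not-parseable" tag rather than a crash, which is what you want when the sensor sees only the first segment of a download. Any one tag is weak on its own (plenty of legitimate installers have unusual section names), so in practice the tags are scored together and correlated with the transport context.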

About Gary Golomb

Mr. Golomb is a Principal Security Researcher at NetWitness Corporation, and has served as founder and CEO of Proventsure, director of R&D and Competitive Intelligence at Enterasys Networks, and lead IT Forensics Investigator for the George Washington University (GWU). At GWU, Mr. Golomb led projects that analyzed thousands of the university's computers for Personally Identifiable Information, security configuration, and policy compliance, and that performed network detection of malware and of policy and regulation violations. Academically, Mr. Golomb worked in the fields of bioinformatics, proteomics, and pharmacogenomics at GWU, and created innovative algorithms for protein identification used in synthetic biomaterials and genome mapping. Mr. Golomb served in the U.S. Marine Corps as a Recon Marine in a direct action platoon of the 2nd Force Recon Company and deployed internationally as part of the Special Operations team of the 24th Marine Expeditionary Unit. Mr. Golomb has developed numerous groundbreaking techniques for detecting various types of data and activity in data in motion and data at rest.
