Xavier Mertens
Xavier Mertens is a freelance security consultant running his own company based in Belgium (Xameco). With 20+ years of experience in information security, Xavier finds “blue team” activities more attractive. Therefore, his day job focuses on protecting his customers' assets by providing services like incident handling, malware analysis, forensic investigations, log management, security visualization, and OSINT). Besides his day job, Xavier is also a Senior Handler at the SANS Internet Storm Center, Certified SANS Instructor (FOR610, FOR710), security blogger and co-organizer of the BruCON security conference.
Session
When we are performing investigations (threat intel, hunting, forensics, malware analysis or anything else), our path is full of pitfalls or more commonly called, “biases”. We do you day to day job, we have our tools, processes and follow playbooks but are we certain that we are not missing crucial informations? In the first half of the talk, I'll explain how we can improve and use our senses in a better way: observe instead of see, listen instead of hear, etc. In the second part, I'll review some common issues that people do when performing malware analysis with real examples that I observed here and there. Even if the abstract mentions “malware analysis”, this is not a very technical talk but it will be helpful for all infosec practitioners.