OrangeCon 2026

Successfully Failing As a Reverse Engineer
2026-06-04, Track 2

We have all been there: you spent more time than you are willing to admit reverse engineering a few functions, only to discover that you were looking at the wrong functions. Your entire weekend wasted, or so you think. But did you really? This talk dives into mistakes I have made in the past, along with shortcuts commonly attempted by many. The focus is not (only) on my mistakes, although you are free to laugh at my expense, but more so on the lessons learnt from them. In short, I hope that I can share the mistakes I made, so you don’t have to!


About 9 years ago I started reverse engineering malware, and by now I dare say I have a decent understanding of the analysis process. This did not come to me overnight (though part of it comes from many all-nighters). During my journey, I made a lot of mistakes. Some of them are due to me not understanding the intricate nitty-gritty details of a specific type of binary, and some of them because I lacked a fundamental understanding of whatever I attempted to do at the time.

In this talk, I will dive into several rabbit holes that I dove into over time. Some of those were a mistake from the get-go, although that was unbeknownst to me at the time, and some of them were only visible as such once I understood it all. But the overarching theme is the same: I learned a lot from those mistakes, maybe even more so than some of the successes I had.

Max Kersten is a malware analyst, blogger, and speaker who aims to make malware analysis more approachable. In 2019, Max graduated cum laude with a bachelor's in IT & Cyber Security, during which Max also worked as an Android malware analyst. Currently, Max works as a malware analyst at the Dutch Police, where he analyses APT malware and creates open-source tooling to aid such research. Over the past few years, Max spoke at international conferences, such as Black Hat (USA, EU, MEA, Asia), DEFCON, Botconf, and other conferences. Additionally, he gave guest lectures and workshops for several universities and private entities.