A New Trend for the Blue Team: Using a Symbolic Engine to Detect Evasive Forms of Malware/Ransomware
Blue-team experts and researchers use a symbolic engine called TSAR to detect evasive forms of malware, focusing on three behaviours: file encryption, file enumeration, and file operations.
- The speaker uses a symbolic engine called TSAR to detect evasive forms of malware/ransomware.
- The TSAR engine analyzes the binary code to identify malicious behavior, focusing on three key characteristics: file encryption, file enumeration, and file operation.
- The TSAR engine is able to detect obfuscated samples and overcome limitations of static and dynamic analysis.
- The engine is designed to analyze the binary code of a file, identify potential threats, and create a detection log.
- The analysis is based on symbolic execution, in which the engine builds a virtual machine to simulate the code's execution rather than running the sample natively.
- The engine can identify various types of malware, including ransomware, and detect both generic and variant attacks.
- The TSAR engine is designed to be lightweight and can be used for real-time detection.
- The engine has been used to detect several types of ransomware, including BarbaR, Ransomware 64, and Sealion.
- The engine is not limited to detecting ransomware and can be used to detect other types of malware as well.
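The bullets above describe symbolic execution over a file's code and a verdict built from three behaviours. The following added example (not TSAR code, and not from the talk) shows the core idea on a constructed toy instruction set: every feasible path is explored, so a sample that hides its file-enumeration, encryption and write behaviour behind an environment check is still flagged, whereas a sandbox that only observes the "check failed" path would see nothing. Instruction format, API names and the two sample programs are all assumptions made for illustration.

```python
from collections import deque

# Constructed toy instruction set (not TSAR's own): ("env", reg) loads the symbolic
# result of a sandbox/environment check into reg; ("jz", reg, target) jumps when
# reg == 0 and forks if reg is symbolic; ("call", api) records a modelled API
# call; ("exit",) ends the path.
SYM = object()  # marker for an unknown (symbolic) register value

# Illustrative API names for the three characteristics the talk looks for.
BEHAVIOURS = {"enumeration": {"FindFirstFileW", "FindNextFileW"},
              "encryption": {"CryptEncrypt", "BCryptEncrypt"},
              "file_op": {"WriteFile", "MoveFileW", "DeleteFileW"}}

def classify(api):
    return {name for name, apis in BEHAVIOURS.items() if api in apis}

def explore(program, max_steps=200):
    """Walk every feasible path; return (path constraints, behaviours) per path."""
    paths, work = [], deque([(0, {}, (), frozenset())])
    while work:
        pc, regs, cons, seen = work.popleft()
        for _ in range(max_steps):  # bound loops so exploration terminates
            op = program[pc] if pc < len(program) else ("exit",)
            if op[0] == "exit":
                break
            if op[0] == "env":
                regs, pc = {**regs, op[1]: SYM}, pc + 1
            elif op[0] == "call":
                seen, pc = seen | classify(op[1]), pc + 1
            else:  # jz
                _, reg, target = op
                val = regs.get(reg, 0)
                if val is SYM:  # fork: a sandbox observes only one of these outcomes
                    work.append((target, {**regs, reg: 0}, cons + (f"{reg}==0",), seen))
                    cons, regs, pc = cons + (f"{reg}!=0",), {**regs, reg: 1}, pc + 1
                else:
                    pc = target if val == 0 else pc + 1
        paths.append({"constraints": cons, "behaviours": seen})
    return paths

def is_ransomware_like(program):
    """Flag the sample if any feasible path shows all three characteristics."""
    return any(p["behaviours"] >= set(BEHAVIOURS) for p in explore(program))

# Constructed samples (not real malware code). EVASIVE exits early when the
# environment check returns 0, which is what it would see in a sandbox.
EVASIVE = [("env", "r0"), ("jz", "r0", 5), ("call", "FindFirstFileW"),
           ("call", "CryptEncrypt"), ("call", "WriteFile"), ("exit",)]
BENIGN = [("call", "FindFirstFileW"), ("call", "ReadFile"), ("exit",)]
```

`explore(EVASIVE)` yields two paths: the `r0==0` path with no recorded behaviour, and the `r0!=0` path carrying all three, which is why `is_ransomware_like(EVASIVE)` is true while the benign sample is not flagged.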