… well, it was over already on Saturday, but I’ve been busy analyzing malware and have not had the time to write this post earlier.
Friday’s presentations showed the same quality as the ones presented during the first day of the conference. The day opened with a couple of interesting talks on how to de-obfuscate scripts: this is actually a rather interesting topic, as scripts are increasingly becoming the way in which machines get initially infected, for example when browsing the web. Several analysis techniques and tools were presented to effectively decode script code that could otherwise turn into a researcher’s nightmare.
Then we had an interesting presentation from team members of AV-Test.org, in which they presented the results they obtained while testing the performance of AV engines when scanning packed or protected code, taking into consideration several factors, such as the capability of some engines to use generic unpacking techniques and what happens when certain packers are blacklisted.
Blacklisting of packers was also the topic of two other presentations, showing how “hot” this topic is. A presentation from Avert Labs’ own Gaith Taha stepped into the difficult field of trying to create a methodology to estimate the risk associated with packer blacklisting and generic detection.
Next, Sophos’ Boris Lau presented his work on dealing with virtualizing packers, which use virtual machines to make code analysis complex and tiresome. The presented work was excellent, showing how to apply techniques usually associated with compiler science to help in the difficult fight against these complex protectors.
To close the day, Avert’s Geok Meng Ong presented his work on a different kind of obfuscation, the one that comes from a closed or partially documented file format, accompanying his talk with several case studies.
Looking back at the past days in Amsterdam, I can truly say that it has been a really nice experience, a chance to meet great people and discuss some very interesting topics with them… Thanks for the great time, guys!!
Now, back to malware analysis!
Signing off…
