Siege personnel have had several unique opportunities to support various commercial, federal, and DoD organizations in an operational capacity, providing intrusion detection and software forensic analysis services. Through these opportunities, Siege personnel have gained valuable insight into emergent threat actors and new malware development, deployment, and persistence techniques. With formerly classified events such as Titan Rain and the recent Operation Aurora now made public, personnel experienced in the detection and interception of state-sponsored APT (Advanced Persistent Threat) activity are more important than ever. Working with a current DoD customer within this problem space, Siege personnel are leading research efforts into kernel and sub-kernel malware techniques.
Our specific experience supporting various customers in this space includes:
- Malware analysis
- Secure static and dynamic malware reverse engineering
- Botnet infiltration and C&C analysis
- Exploited vulnerability analysis
- Multistage malware deployment tracing
- Malware memory injection analysis
- Data exfiltration detection
- Rootkit detection and analysis
- Identification of memory, disk, and firmware hooking
- Defeating anti-tamper and software protection techniques
- Tamper sensing and response
- Defeating encryption, polymorphism, and obfuscation techniques
- Code attribution
- Authorship analysis
- Technique classification
- Trace-back techniques
Our specific experience includes, but has not been limited to, the following technologies:
- Analysis Tools: VMware, QEMU
- Debuggers: IDA Pro, OllyDbg, WinDbg, gdb/ddd
- Exploit Harness Languages: JavaScript, Flash ActionScript, VB, x86 assembly

