Ero Carrera is currently a Senior Software Engineer at Google’s Threat Analysis Group (TAG). He’s been there nearly 10 years building large-scale reverse engineering tooling and intelligence analysis frameworks.
Before joining Google, Ero, together with Pedram Amini, taught a successful malware reverse engineering training course at BlackHat for many years. Ero has also led courses on reverse engineering with zynamics, the home of BinDiff and VxClass. His professional experience, in addition to Google and zynamics, includes time working at F-Secure and VirusTotal.
Ero is also the author of pefile, a popular Python module for aiding analysis of the Windows PE file format.
About the training
The aim of this course is to apply interpretable machine learning to threat intelligence. We will learn how to decide whether ML is an adequate solution for every stage of the threat-intel workflow and, if so, develop an intuition as to which algorithms within ML help us most. Driven by the participants’ needs and interests, some areas we may focus on are: reverse engineering automation and extraction of intelligence from malware feeds, fusing and aggregating intelligence from reports and intelligence produced in-house, decision making with uncertain intelligence, and judging intelligence quality and utility for your organization.
The materials covered will allow you to scale your analysis and improve the quality of the intelligence you produce.
• Learn how to use machine learning to automate your threat intelligence workflow
• Aggregation and enrichment of data on a massive scale
• Distill, select and transform data to improve threat intelligence
Duration: 3-5 days
Prerequisites: Reversing (IDA) and ML frameworks (TensorFlow).