Botconf Author Listing

Tristan Pourcelot

Last known affiliation: Exatrack
Bio: Tristan Pourcelot has been a Senior Threat Researcher at Exatrack since 2021. He started hunting threats more than 10 years ago with the French Agence Nationale de la Sécurité des Systèmes d’Informations (ANSSI) and now applies those skills at Exatrack. He focuses on hunting advanced threats and has published several posts on them, such as TrioPikeur (BPFDoor) and Mélofée.
Date: 2025-05-21
10 Years of Large-Scale Malware Comparison: Going Deeper With Machoke
Tristan Pourcelot 🗣 | Stéfan Le Berre 🗣

Abstract

As threat hunters, we are often faced with the problem of analyzing many malicious binaries, related or not. The problems encountered range from classifying a sample into a known family, to identifying common functions or used libraries, to finding a unique function across a large set of samples. Building on our experience with Machoc, a CFG matching algorithm published in 2016, our aim was to solve these problems while scaling our malware collection to tens of thousands of samples.

We will present the techniques we developed in order to scale Machoc comparison, as well as an overview of a new algorithm we developed to identify common functions in a large dataset.