Botconf Author Listing

Alessandro Strino

Last known affiliation: Cleafy
Bio: Alessandro Strino has a solid background in penetration testing and modern malware analysis. His main research topics are binaries and computer forensics. He is also passionate about binary exploitation, reverse engineering, and privilege escalation techniques. He now works as a senior malware analyst at Cleafy. He has spoken at BotConf 2023, Cert-EU 2023, BSides Cyprus 2023, and FS-ISAC 2024.
Date: 2023-04-13
Operation drIBAN: insight from modern banking frauds behind Ramnit
Federico Valentini 🗣 | Alessandro Strino 🗣

Abstract

During the last three years, we have tracked and closely analyzed a specific TA that infects Windows workstations in corporate environments in order to alter legitimate bank transfers performed by the victims. The main technique leveraged was the Automated Transfer System (ATS), enabled via custom web injects that change the beneficiary and redirect the money to an illegitimate bank account (a money mule) controlled by the TA or its affiliates, who are then responsible for handling and laundering the stolen funds. The critical component behind these fraud operations was one of the most advanced banking trojans, Ramnit.

Although Ramnit has already been described in the literature, our front-line position made it possible to understand the TA's behavior in depth and to reconstruct the whole infection chain: the initial malspam campaign, the careful selection of victims during botnet construction, the Automatic Transfer System (ATS) technique for cashing out through wire transfers, and the final money laundering.

TLP:CLEAR
Date: 2025-05-20
WS2 – Android Malware Exposed: Dissecting Modern Mobile Threats
Federico Valentini 🗣 | Alessandro Strino 🗣 | Michele Roviello 🗣

Abstract

Understanding Android malware can initially feel daunting and disorienting, but with a solid foundation of knowledge and a touch of automation, the process becomes much easier. This workshop teaches participants the essential concepts required to analyze Android malware effectively. The knowledge gained here can be applied to other security domains, such as malware detection, classification, and automation. By attending, participants will develop technical expertise and gain a deeper understanding of the techniques and methodologies commonly used in malware analysis. Another key goal of this workshop is to delve into the analyst’s mindset, helping attendees adopt the critical thinking and problem-solving approach required for reverse engineering tasks.

Designed for both aspiring analysts and those with intermediate experience, this workshop emphasizes the development of critical thinking and systematic problem-solving approaches essential for effective reverse engineering. Participants will analyze prominent malware families, including Toxic Panda, DroidBot, and Bingomod, through a combination of static and dynamic analysis techniques enhanced by practical Python scripting and Frida instrumentation.

The workshop will have a final challenge (a hands-on exercise) featuring a custom malware sample designed specifically for attendees. This final challenge allows participants to apply all the techniques demonstrated during the training session. The analysis is guided by a series of questions, encouraging deeper exploration and problem-solving as participants progress. In classic challenge fashion, the ultimate goal is to uncover a hidden flag.

With its blend of practical exercises, technical insights, and real-world applications, this workshop offers a comprehensive and engaging introduction to Android malware analysis. It empowers participants to tackle similar challenges confidently in their cybersecurity journey.
