BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.nsec.io//BP7KTP
BEGIN:VTIMEZONE
TZID:EST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-2024-BP7KTP@cfp.nsec.io
DTSTART;TZID=EST:20240516T143000
DTEND;TZID=EST:20240516T150000
DESCRIPTION:Nim has become the language of choice for a number of libraries
  and tools used by red-teamers and pentesters. Much like with Mimikatz and
  Cobalt Strike before\, malicious actors have started putting some of the 
 same tooling to their nefarious purposes. One such example is Mustang Pa
 nda\, a China-aligned APT that started using Nim to create custom loaders 
 for their Korplug backdoor. For attackers\, using a less common language a
 lso has benefits when it comes to evading defenses and hindering analysts
 ’ work\; we have seen the same thing with the growth of malware written 
 in Go and Rust.\nIn this presentation\, we will go over some of the specif
 ic challenges associated with analyzing Nim malware. We will then present 
 tips and tools to help mitigate these difficulties. This will include the 
 presentation of Nimfilt\, our analysis script for IDA Pro that we will rel
 ease shortly before the conference.\nFinally\, we will demonstrate the use
  of Nimfilt and other publicly available tools on real malware samples.
DTSTAMP:20260415T003224Z
LOCATION:Ville-Marie
SUMMARY:Reverse-Engineering Nim Malware: Or a brief tale of analyzing the c
 ompiler for a language I had never used - Alexandre Côté
URL:https://cfp.nsec.io/2024/talk/BP7KTP/
END:VEVENT
END:VCALENDAR
