A Mount student works on his laptop.
As part of National Cybersecurity Awareness Month, Mount Saint Mary College introduced guest speaker Brandon Moody, a Senior Cybersecurity Assessor at the US Department of Energy, to discuss antivirus evasion and computer software on Thursday, October 6.
The talk was the first in the college’s new Cybersecurity speaker series, which is open to the public.
Moody joined the Mount community to share what he has learned throughout his career, focusing on antiviral evasion and malware. His presentation was broken down into several sections: an introduction to malware, anti-malware and VirusTotal (a product that analyzes suspicious files, URLs, domains, and IP addresses to detect malware and other types of threats), a walkthrough demo on antivirus evasion, and a Q&A session.
Having worked in the field for around a decade, Moody brings cutting-edge technical expertise to the Cybersecurity arena in his current position. He conducts penetration testing – authorized cyberattacks performed to evaluate the security of a computer system – while learning alongside a team of highly experienced colleagues. He obtained a Master of Science in Cybersecurity from Johns Hopkins University, and a Bachelor’s in Computer Science from Towson University.
Moody discussed detection of the oldest and most traditional sense of malware (malicious data capturing, destroying, etc.) using the comparison of digital signatures. Similar to a criminal changing their physical appearance to avoid police, hackers will change how their malware looks to computers to avoid detection. During the demo, Moody tested a few ID changing methods to see if he could avoid detection, or even minimize the number of antivirus solutions that are detectable. Once the demo was completed and the metadata was removed from the sample application, Moody was able to significantly decrease the total number of detections in the file.
“Where we initially started at 54, we got down to 38, down to 34,” he explained. “Imagine if you spent a number of hours dedicated to the effort, you could further decrease the number, perhaps down to when it’s undetectable. If you do so in a way that’s kind of directed, you may not even impact the functionality of the application.”
By using these methods, Moody and other cybersecurity experts can test computer systems to make sure they can defend against the real thing.
As part of the continuing talk series, on Thursday, October 27, SecurEd Inc. employees Paige Zellapa, director of Operations, and Emily Vogel, software architect, will present “Cyber4All: Interdisciplinary Cybersecurity.” The talk is free and open to the public will happen on campus in Aquinas Hall room 053. The Mount is located at 330 Powell Ave., Newburgh, N.Y.
Offered as both an IT concentration and major, the Mount’s Cybersecurity program provides theoretical and hands-on skills to identify and mitigate security vulnerabilities in software, operating systems, networks, and more. A major or concentration in Cybersecurity at the Mount can lead to careers in technology, security software, defense, government, teaching, e-commerce, banking, finance, business, and more.