Addressing today's problems
August 19, 2022
Baker presents at Black Hat Arsenal
Aaron Baker fell in love with programming when he was in the fifth grade.
That passion led to professional programming and software development jobs, starting when he was about 15. He got his first internship when he was a junior in high school. That led to contracts for things like ethical hacking bug bounties.
After high school, he started working towards a cyber security associate degree at the community college in his hometown of Sheridan, Wyoming. There he heard about a new cyber research opportunity at Dakota State, so in 2019 he came to Madison to be part of the Research Experience for Undergraduates (REU) at DSU, researching Internet of Things (IoT) devices.
Baker discovered malware analysis during this REU and connected with a faculty member doing research in this area. After completing his A.A., he came to DSU to earn a bachelor’s degree in Cyber Operations.
“I enjoy school,” he said, “I like to focus on learning and address the problems that exist today.”
Malware is one of the security issues today, and Baker was able to continue researching this topic during the last school year, work sponsored in part by funding from the NSA. This effort has resulted in the creation of a tool for modular automated large-scale malware analysis framework.
This tool is novel enough to have been accepted for presentation at the 2022 Black Hat USA Arsenal this month. The Black Hat Arsenal website said that presenters there are “the best of the best in the world.” Researchers and the community showcased their latest open-source tools and products. This year, Arsenal provided tool demonstrations in an open, conversational, and hybrid environment where presenters are able to interact with attendees.
“I had a booth with a time frame to talk about it, and demonstrate the tool and talk with people about it.” Baker’s presentation was titled “SubParse - Malware Artifact and Correlation Framework.”
“This tool allows for many file types to be analyzed, determining the file type,” he explained, “and run parsers to do static analysis directly on specific file types and enrichers,” which means doing post-data processing to get more information from threat and intelligence groups.
One advantage of this is that it gives the user several options, and has a web interface. “This allows for searchability of all results to narrow it down to the samples that might be interesting,” Baker said.
It was quite the experience,” he said, with the added advantage of networking with people from companies such as Hacker One and Synack, “to pick the brains with others in ethical hacking.”
He appreciates the experiences DSU offers “to continue with my education and dive deeper into the area of study that I’m enjoying more and more every day!”
Dakota State also offers him the option to get additional certificates before graduation.
Baker will graduate in May 2023, and hopes to end up in a cyber position, as a developer. He has always wanted to have his own software company but that is a long-term goal. In the meantime, he plans to network, meet people, and get more experience.