Virustotal Spelunking

Presented at BSides Austin 2016, April 1, 2016, 2 p.m. (60 minutes)

Employing Virus Total as a key focal point for investigation and intelligence collection. Virustotal is employed ubiquitously to upload data and check for malicious content. Submissions, however, leave a trail of metadata that can be tracked and analyzed. Each submission also generates a mass of derivative data tha can be used to pivot off of or leveraged for further analysis. While much of that metadata is hidden behind the private paid subscription, reams of it can be accessed publicly and leveraged to collect threat intelligence. In this presentation, we will touch on some of the lesser known metadata available and how to collect and implement it in an intelligence or response capacity.

Presenters:

• Monty St John
  Monty St John is partner for ATXForensics and a frequent contributor to community and industry events. Previous contributions have focused on research and interests in banking and healthcare security topics. His current research focuses on harvesting the DNS for threat intelligence. His latest contributions are to a book on network side of malware analysis and an open malware analysis book.
• Christoper Rogers

Links:

• https://bsidesaustin2016.sched.com/event/6DWV/virustotal-spelunking

Similar Presentations:

• VB2017 / VirusTotal tips, tricks, and myths
• TROOPERS16 (2016) / Passive Intelligence Gathering and Analytics - It's all Just Metadata!
• DEF CON 24 (2016) / An Introduction to Pinworm: Man in the Middle for your Metadata