Presented at
DEF CON 31 (2023),
Aug. 12, 2023, 2 p.m.
(115 minutes)
VirusTotal serves as a popular platform for aggregating malware information submitted by Anti-Virus (AV) software providers, which can be searched using parameters such as hashes (SHA-1, SHA-256, MD5), file names, and malicious web links. In order to enhance and automate the process of malware intelligence gathering, we introduce ThreatScraper, a Python-based tool that automates free API queries and rescanning tasks on VirusTotal. ThreatScraper is designed to periodically request reports on specified files and save the results in a local database or Excel file. It allows users to pull and aggregate malicious file reports from multiple AV vendors over time, providing insights into the adoption of malware detection across providers. Easily implemented from any Windows command line, ThreatScraper can rescan a file, pull a report, and then sleep until the next designated time identified by the user.
Presenters:
-
Dr. Scott Graham
Dr. Scott Graham is a Professor of Computer Engineering at the Air Force Institute of Technology. His research interests center on cyber physical systems, looking at the intersection between real physical systems and the computers that control them. Specific areas of interest include cyber physical systems security, computer architecture, embedded computing, critical infrastructure protection, and vehicular cyber security.
-
Aaron "AJ" Morath
Captain Aaron "AJ" Morath, CEH/CompTIA Pentest+, is a graduate student at the Air Force Institute of Technology, where he is involved in researching malware identification and propagation. His thesis work concentrates on developing innovative strategies to combat evolving cybersecurity threats and enhance security measures. AJ has served as the Defensive Cyber Operator (DCO) Officer in Charge (OIC) of the NASIC DCO team for three years. He oversaw the security and defense of an enterprise network comprising over 6,000 connected devices.
Similar Presentations: