Open Source Malware Lab

Presented at The Eleventh HOPE (2016), July 23, 2016, 9 p.m. (60 minutes)

The landscape of open-source malware analysis tools improves every day. A malware analysis lab can be thought of as a set of entry points into a tool chain. The main entry points are a file, a URL, a network traffic capture, and a memory image. This talk examines the major open-source tools that satisfy the analysis requirements for each of these entry points. Each tool's output can potentially feed into another tool for further analysis. Linking one tool to the next in this way makes it possible to build a comprehensive, automated malware analysis lab entirely from open-source software.


Presenters:

  • Robert Simmons
    Robert Simmons is a senior threat intelligence researcher at ThreatConnect, Inc. With an expertise in building automated malware analysis systems based on open-source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert is also the author of PlagueScanner, an open-source virus scanner framework.