Mastiff: Automated Static Analysis Framework

Presented at ShmooCon IX (2013)

Malware analysis consists of two phases: static and dynamic analysis. Dynamic analysis, or analyzing the behavior of a sample, has already been automated in numerous projects. Static analysis, or analyzing key characteristics of a sample, has not. Therefore, responders must run tools by hand or put together scripts that automate the process. This leads to situations where analysis occurs more slowly or inefficiently.

To alleviate this, we have developed MASTIFF, a new open-source static analysis automation framework. This presentation will introduce MASTIFF and discuss:

Demonstrations of MASTIFF on malicious files will also be performed.


Presenters:

  • Tyler Hudak
    Tyler Hudak is a Senior Security Consultant for KoreLogic Security and has extensive real-world experience in malware analysis and incident handling for Fortune 500 firms. Tyler is a member of the Forum of Incident Response and Security Teams (FIRST) and leads the FIRST Malware Analysis Special Interest Group. He has previously presented at a number of conferences, is on the board of the NorthEast Ohio Information Security Forum and maintains a blog at http://secshoggoth.blogspot.com.
