http://windowstips.wordpress.com Agenda Agenda Introduction - - PowerPoint PPT Presentation

Slide 1

Juan Garrido, MVP Enterprise Security
http://windowstips.wordpress.com
@tr1ana

Slide 2

Agenda

Slide 3

Agenda

  • Introduction
  • Malware public information
  • TRIANA
  • Conclusions

Slide 4

Agenda

  • One new malware sample every 2 seconds
  • It's like an epidemic
  • A wide variety of vectors: APT, drive-by downloads, USB, rootkits, bootkits, etc.

Slide 5

Introduction

  • A wide variety of technologies: MS Office, PDF, Windows, Apple-based, mobile
  • Big problem when analysing a lot of samples

Slide 6

Introduction

  • Some questions:

– Does the malware analyst have tools to perform the analysis?

  • Like a sandbox, scripts, small single-purpose tools

– Does the malware analyst have deep knowledge of the malware analysis art?

  • Static analysis, dynamic analysis, reversing, etc.
  • Is it possible to reduce the analysis time?

– Is a sample available for analysis?

Slide 7

Introduction

  • Is a sample available for analysis?
Slide 8

Malware Public Information

  • Why MD5 instead of SHA1 or SHA256?
  • Easy: for URL-based search (most public sites accept an MD5 directly in the search URL)
Slide 9

Malware Public Information

Slide 10

DEMO

Malware based search

Slide 11

WHERE IS MY SAMPLE

  • In many cases:

– The sample is located on a public site
– The sample is located on a hacking site
– The sample is located in a web-accessible analysis tool (like VT, Malwr, etc.)
– The sample is located in a public repository

Slide 12

WHERE IS MY SAMPLE

  • IP, host, domain:

– Useful for discovering new samples

  • Whois
  • Domain lookup
  • Etc.

– Useful for discovering APT threats, malware located by country, etc.

Slide 13

WHERE IS MY SAMPLE

Slide 14

DEMO

Malware sample search

Slide 15

TRIANA

  • Python-based script:

– Performs hash search and file-hash search
– Many public information references
– Ability to download the sample if it is found
– Many sources, one JSON output
– DOCX report

Slide 16

TRIANA

  • IP & domain collector:

– Checks IP and domain reputation lists

  • Plugin based:

– VirusTotal plugin
– Malwr plugin
– ThreatExpert plugin
– Etc., etc.
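An added example, not TRIANA's own code, of the pattern slides 15 and 16 describe: hash the sample, run the hashes through plugin-style sources, merge every answer into one JSON result, and check indicators against reputation lists. The VirusTotal, Malwr and ThreatExpert back ends are replaced by constructed in-memory lookup tables so it runs offline; `make_plugin`, `hash_search` and `check_reputation` are hypothetical names, not the tool's API.

```python
import hashlib
import json

# Constructed stand-in for a sample on disk; a real run would read the file bytes.
SAMPLE_BYTES = b"MZ\x90\x00 constructed harmless test blob, not a real sample"

def file_hashes(data: bytes) -> dict:
    """MD5, SHA1 and SHA256 of the sample. The slides key on MD5 because most
    public sites accept it directly in a search URL."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}

# Constructed, hypothetical plugin back ends: one lookup table per source, keyed
# by MD5. Real plugins would query each site's API; these records are placeholders.
_MD5 = file_hashes(SAMPLE_BYTES)["md5"]
FAKE_BACKENDS = {
    "virustotal": {_MD5: {"positives": 12, "sample_download": False}},
    "malwr": {_MD5: {"behaviour": "constructed summary", "sample_download": True}},
    "threatexpert": {},  # this source has never seen the hash
}

def make_plugin(source: str):
    """Plugin contract: take the hash dict, return the source's record or None."""
    def plugin(hashes: dict):
        return FAKE_BACKENDS[source].get(hashes["md5"])
    plugin.source = source
    return plugin

def hash_search(data: bytes, plugins) -> dict:
    """Run every plugin and merge the answers into one JSON-ready report."""
    hashes = file_hashes(data)
    report = {"hashes": hashes, "sources": {}, "found_in": [], "downloadable_from": []}
    for plugin in plugins:
        record = plugin(hashes)
        report["sources"][plugin.source] = record  # None means "not known there"
        if record is not None:
            report["found_in"].append(plugin.source)
            if record.get("sample_download"):
                report["downloadable_from"].append(plugin.source)
    return report

def check_reputation(indicators, reputation_lists: dict) -> dict:
    """IP/domain collector: map each indicator to the reputation lists flagging it."""
    return {ioc: [name for name, entries in reputation_lists.items() if ioc in entries]
            for ioc in indicators}

if __name__ == "__main__":
    plugins = [make_plugin(name) for name in FAKE_BACKENDS]
    print(json.dumps(hash_search(SAMPLE_BYTES, plugins), indent=2))
```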

Slide 17

TRIANA

Slide 18

CONCLUSIONS

  • It's possible to reduce the time spent on malware analysis

– Automated unit tests
– Automated malware analysis
– Automated static analysis
– Automated malware-based search

  • It's useful to attach as an annex

– JSON results
– DOCX report

  • It's useful for searching for malware

– Many public information sites
– Different public sandboxes perform different analyses
– Many public repositories

Slide 19

THANKS ;)

Juan Garrido
Juan_garrido@innotecsystem.com
http://www.innotecsystem.com