ThreatConnect at Virus Bulletin International Conference

Robert Simmons, Director of Research Innovation at ThreatConnect, Inc., will be speaking at the Virus Bulletin International Conference.

Session Title: Open Source Malware Lab

Abstract: The landscape of open source malware analysis tools improves every day. A malware analysis lab can be thought of as a set of entry points into a tool chain. The main entry points are a file, a URL, a network traffic capture, and a memory image. This talk is an examination of the major open source tools that satisfy the analysis requirements for each of these entry points. Each tool's output can potentially feed into another tool for further analysis. The linking of one tool to the next in a tool chain allows one to build a comprehensive automated malware analysis lab using open source software.

For file analysis, the three major versions of Cuckoo Sandbox will be examined. To analyze a potentially malicious URL, the low-interaction honeyclient, Thug, will be covered. Next, if one has a network capture (PCAP) to analyze, the Bro Network Security Monitor is a great option, and will be covered. Finally, if the analysis target is a memory image, the Volatility Framework will be examined. Each of the inputs and outputs of the tools will be reviewed to expose ways in which they can be chained together for the purpose of automation.

Date: Thursday, October 6th

Time: 9:30am - 10:00am

Location: Green Room

Now in its 26th year, the annual Virus Bulletin International Conference (VB2016) is one of the cybersecurity events of the year.

More than 500 delegates from around the world are expected at VB2016 in Denver, Colorado.

From 5-7 October 2016, the world’s leading IT security experts - from academia and vendors to non-profits and mega corporations - will gather to share their expertise, ideas, research, and predictions.

ABOUT THE AUTHOR

With ThreatConnect, security analysts can simultaneously coordinate with incident response, security operations and risk management teams while aggregating data from trusted communities. Your team will be better equipped to protect the organization from modern cyber threats, mitigate risk and address strategic business needs, all through a single, robust platform.