Mastiff: Automated Static Analysis Framework

Malware analysis consists of two phases: static and dynamic analysis. Dynamic analysis, or analyzing the behavior of a sample, has already been automated in numerous projects. Static analysis, or analyzing key characteristics of a sample, has not. Responders must therefore run tools by hand or put together their own scripts to automate the process, which makes analysis slower and less efficient.

To alleviate this, we have developed MASTIFF, a new open-source static analysis automation framework. This presentation will introduce MASTIFF and discuss:

  • Automating static analysis and the problems associated with it.
  • How MASTIFF overcomes those problems.
  • MASTIFF's capabilities and how it works.
  • How plug-ins can be developed to extend the functionality of the framework.
  • How the security community can contribute to extending and enhancing MASTIFF.

Demonstrations of MASTIFF on malicious files will also be performed.

Presented by