Mastiff: Automated Static Analysis Framework

ShmooCon IX - 2013

Presented by: Tyler Hudak
Date: Sunday February 17, 2013
Time: 12:00 - 12:50
Location: Regency A
Track: Build It!

Malware analysis consists of two phases – static and dynamic analysis. Dynamic analysis, or analyzing the behavior of a sample, has already been automated in numerous projects. Static analysis, or analyzing key characteristics of a sample, has not. Therefore, responders must run tools by hand or put together scripts that automate the process. This leads to situations where analysis occurs more slowly or inefficiently.

To alleviate this, we have developed MASTIFF, a new open-source static analysis automation framework. This presentation will introduce MASTIFF and discuss:

Demonstrations of MASTIFF on malicious files will also be performed.

Tyler Hudak

Tyler Hudak is a Senior Security Consultant for KoreLogic Security and has extensive real-world experience in malware analysis and incident handling for Fortune 500 firms. Tyler is a member of the Forum of Incident Response and Security Teams (FIRST) and leads the FIRST Malware Analysis Special Interest Group. He has previously presented at a number of conferences, is on the board of the NorthEast Ohio Information Security Forum and maintains a blog at http://secshoggoth.blogspot.com.

