Mining VirusTotal for Operational Data and Applying a Quality Control On It

DEF CON 24

Presented by: Gita Ziabari
Date: Saturday August 06, 2016
Time: 17:10 - 18:00
Location: Packet Hacking Village

More than one million samples are submitted to VirusTotal and analyzed by more than 50 AV engines on a daily basis. Factors such as filtering, scaling the detected engines, scaling the categories in network data, and scaling the HTTP responses are used in conjunction with an algorithm to construct operational data. The filtered data is clustered by malware type, with an indication of the malware names. The obtained data is also evaluated daily by another algorithm that removes aged and less scaled data. The APIs, algorithms and source code used will be presented to the audience. The tool can be downloaded for immediate use.

Gita Ziabari

Gita Ziabari (Twitter: @gitaziabri) works at Fidelis Cybersecurity as a Senior Threat Research Engineer. She has more than 12 years of experience in threat research, networking, testing and building automated frameworks.

