Grabbing fresh evil bits: Maltrieve
Kyle Maxwell
May 04, 2013
Technology
BSides San Antonio - May 2013 - retrieving malware from sources
Transcript
Grabbing fresh evil bits: Maltrieve
Kyle Maxwell, BSidesSATX, 2013-05-04
Happy Star Wars Day! No Imperial entanglements. All opinions are my own.
What it's for
github.com/technoskald/maltrieve
Retrieves malware directly from the sources, as listed at a number of sites:
• Malware Domain List
• VX Vault
• Malc0de
• Sacour.cn
Potted history
Weekend side project that started as a set of patches to mwcrawler by Ricardo Dias.
Additional contributions: Ben Jackson, Bryan Brannigan.
GPL software.
Basic architecture
Parallelized Python crawler with proxy support and good logging.
If we haven't seen it before, get a little metadata and save it off.
Adding a new feed
• RSS feeds: best option! One line of code.
• HTML tables and delimited text (CSV) just need a regex.
Several pending feeds. More suggestions welcome!
Storing the retrieved malware
• filesystem plus logging
• some pickled data
• malwarehouse soon
• VxCage? maybe
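The three slides above (basic architecture, adding a new feed, storing the retrieved malware) describe one pipeline: parse each feed for URLs, skip anything already seen, fetch the rest in parallel through an optional proxy, and save the sample with a little metadata. The block below is an added example of that pipeline written for this page; it is not Maltrieve's own code and makes several assumptions of its own: the feed bodies and payloads are constructed, the RSS parser reads `<item><link>` and the text parser uses one regex, samples are stored under their SHA-256 with a JSON sidecar (JSON rather than pickle, so nothing has to be unpickled later), and the fetch function is injected so the demo runs offline. A failed download is logged and left out of the seen set so the next run retries it.

```python
"""Maltrieve-style crawler in miniature (added example, not the project's code).
Flow: parse feeds -> skip URLs already retrieved -> fetch new ones in parallel
(via a proxy if configured) -> store each sample under its SHA-256 plus a JSON
metadata sidecar. The fetcher is injected so the demo runs offline.
"""
import concurrent.futures
import hashlib
import json
import logging
import re
import tempfile
import time
import urllib.request
import xml.etree.ElementTree as ET
from pathlib import Path

log = logging.getLogger("maltrieve-example")
# Assumed regex for HTML cells and CSV fields: whitespace, quotes, tags or a comma end the URL.
URL_RE = re.compile(r"https?://[^\s\"'<>,]+")


def urls_from_rss(text):
    """RSS: every <item><link> is one malware URL, so no regex is needed."""
    root = ET.fromstring(text)
    links = (item.findtext("link") for item in root.iter("item"))
    return [u.strip() for u in links if u and u.strip()]


def urls_from_text(text):
    """HTML tables or delimited text: pull the URLs out of the surrounding markup."""
    return URL_RE.findall(text)


PARSERS = {"rss": urls_from_rss, "text": urls_from_text}


def make_urllib_fetcher(proxy=None, timeout=30):
    """Real fetcher for live use; every request goes through `proxy` when one is set."""
    handlers = [urllib.request.ProxyHandler({"http": proxy, "https": proxy})] if proxy else []
    opener = urllib.request.build_opener(*handlers)

    def fetch(url):
        with opener.open(url, timeout=timeout) as resp:
            return resp.read()
    return fetch


def store(outdir, url, source, data):
    """Write the sample as <sha256> and its metadata as <sha256>.json (JSON, not pickle)."""
    outdir = Path(outdir)
    outdir.mkdir(parents=True, exist_ok=True)
    sha = hashlib.sha256(data).hexdigest()
    (outdir / sha).write_bytes(data)
    meta = {"sha256": sha, "url": url, "source": source,
            "size": len(data), "retrieved": int(time.time())}
    (outdir / f"{sha}.json").write_text(json.dumps(meta))
    return sha


def load_meta(outdir, sha):
    return json.loads((Path(outdir) / f"{sha}.json").read_text())


def crawl(feeds, fetch, outdir, seen, workers=4):
    """feeds: [(name, kind, body)]; seen: URLs already stored (updated in place).
    Returns {url: sha256 or None} for every URL attempted in this run."""
    batch = {}
    for name, kind, body in feeds:
        for url in PARSERS[kind](body):
            if url in seen or url in batch:
                log.debug("skip %s: already seen", url)
                continue
            batch[url] = name

    def work(item):
        url, source = item
        try:
            data = fetch(url)
        except Exception as exc:  # a dead link must not kill the whole run
            log.warning("fetch failed %s: %s", url, exc)
            return url, None
        return url, store(outdir, url, source, data)

    with concurrent.futures.ThreadPoolExecutor(max_workers=workers) as pool:
        results = dict(pool.map(work, batch.items()))
    seen.update(u for u, sha in results.items() if sha)  # failures are retried next run
    return results


# Constructed sample data: not real feeds, not real malware.
SAMPLE_RSS = """<rss><channel><title>constructed feed</title><link>http://feed.invalid/</link>
<item><title>a</title><link>http://evil.invalid/a.exe</link></item>
<item><title>b</title><link> http://evil.invalid/b.exe </link></item>
</channel></rss>"""
SAMPLE_CSV = ("2013-05-04,http://evil.invalid/b.exe,203.0.113.5\n"  # same URL as RSS item b
              "2013-05-04,http://bad.invalid/c.exe,203.0.113.6\n")
FAKE_PAYLOADS = {"http://evil.invalid/a.exe": b"MZ-sample-a",
                 "http://evil.invalid/b.exe": b"MZ-sample-b"}


def fake_fetch(url):
    if url not in FAKE_PAYLOADS:
        raise OSError(f"404 {url}")  # c.exe is already gone, as fresh feed entries often are
    return FAKE_PAYLOADS[url]


def demo(outdir=None):
    outdir = outdir or tempfile.mkdtemp(prefix="maltrieve-")
    feeds = [("rss-feed", "rss", SAMPLE_RSS), ("csv-feed", "text", SAMPLE_CSV)]
    seen = set()
    first = crawl(feeds, fake_fetch, outdir, seen)   # 3 unique URLs, one download fails
    second = crawl(feeds, fake_fetch, outdir, seen)  # only the failed URL is retried
    return first, second, outdir


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    first, second, outdir = demo()
    print(json.dumps({"first": first, "second": second, "outdir": outdir}, indent=2))
```

For live use, pass `make_urllib_fetcher(proxy="http://127.0.0.1:8080")` in place of `fake_fetch` and persist `seen` between runs; everything downloaded lands in `outdir` named by hash, which is what a Cuckoo or thug submission step would pick up next.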
Cuckoo integration
Immediate dynamic analysis (thanks Bryan!) that can extract IOCs and other metadata.
thug integration
buffer.github.io/thug/
Low-interaction browser honeyclient. Emulates:
• Windows (2K/XP/7), OS X, Android, Linux
• IE 6-9, Chrome 18-26, Firefox (3, 12, 19), Safari
Adobe Reader and JRE plugin emulation as well.
If you just want lots of data...
Maltrieve is about fresh evil bits. For lots and lots of evil bits, see VirusShare.com.
Ongoing development and questions