Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Grabbing fresh evil bits: Maltrieve
Search
Kyle Maxwell
May 04, 2013
Technology
250
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Grabbing fresh evil bits: Maltrieve
BSides San Antonio - May 2013 - retrieving malware from sources
Kyle Maxwell
May 04, 2013
More Decks by Kyle Maxwell
See All by Kyle Maxwell
In the Lair of the Beholder
krmaxwell
0
120
Using Python to Fight Cybercrime
krmaxwell
2
240
Incident Patterns
krmaxwell
0
460
Hackertainment
krmaxwell
1
240
Threat Intelligence for Incident Response
krmaxwell
0
210
From Minion to Engineer
krmaxwell
0
140
Why XOR Crypto Sucks
krmaxwell
0
220
Open Source Threat Intelligence - Shakacon
krmaxwell
1
910
Secure Blogging
krmaxwell
0
150
Other Decks in Technology
See All in Technology
cccccc
moznion
0
1.9k
GuardrailからGovernanceへ~AIエージェント運用の次の課題~
sbspsy
1
260
product engineering with qa
nealle
0
160
ポストモーテム! DDoSからサイトは守れた。 でもビジネスは守れなかった。
bengo4com
0
2.5k
AI駆動開発におけるQAエンジニアの役割事例 〜AI駆動開発の現場から〜
kobayashiyorimitsu
0
470
Compose 新機能総まとめ / What's New in Jetpack Compose
yanzm
0
160
Terraform共通モジュールをチーム横断で“変えられる”運用へ ― リリースと適用の分離
kekke_n
1
2.5k
生成AI活用によるODC欠陥分析の分類高速化の実践と導入効果 / 20260703 Suguru Ishii
shift_evolve
PRO
2
120
「ちゃんとやっている」は独りよがりだった ― 不安に寄り添うインシデント対応へ / Towards incident response that addresses anxieties
chmikata
1
4.5k
ループエンジニアリングでE2Eテストを実践
noriyukitakei
0
340
型は壁、Rustでもバグを直すな、表現できなくせよ
nwiizo
13
2k
Baseline対応のDOMの型定義を作った
uhyo
3
730
Featured
See All Featured
How to audit for AI Accessibility on your Front & Back End
davetheseo
0
460
Writing Fast Ruby
sferik
630
63k
Deep Space Network (abreviated)
tonyrice
0
220
The B2B funnel & how to create a winning content strategy
katarinadahlin
PRO
1
420
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
akashhashmi
0
390
Heart Work Chapter 1 - Part 1
lfama
PRO
8
36k
Money Talks: Using Revenue to Get Sh*t Done
nikkihalliwell
0
290
Abbi's Birthday
coloredviolet
3
8.6k
Ten Tips & Tricks for a 🌱 transition
stuffmc
0
150
Optimising Largest Contentful Paint
csswizardry
37
3.8k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
17k
The untapped power of vector embeddings
frankvandijk
2
1.8k
Transcript
Grabbing fresh evil bits Maltrieve Kyle Maxwell BSidesSATX 2013-05-04 Happy
Star Wars Day!
No Imperial entanglements. All opinions are my own.
What it's for github.com/technoskald/maltrieve Retrieves malware directly from the sources
as listed at a number of sites • Malware Domain List • VX Vault • Malc0de • Sacour.cn
Potted history Weekend side project that started as a set
of patches to mwcrawler by Ricardo Dias. Add'l Contributions: Ben Jackson, Bryan Brannigan GPL software
Basic architecture Parallelized Python crawler with proxy support and good
logging. If we haven't seen it before, get a little metadata and save it off
Adding a new feed • RSS feeds - best option!
◦ One line of code • HTML tables and delimited text (CSV) just need a regex Several pending feeds. More suggestions welcome!
Storing the retrieved malware • filesystem plus logging • Some
pickled data • malwarehouse soon • VxCage? maybe
Cuckoo integration Immediate dynamic analysis (thanks Bryan!) that can extract
IOCs and other metadata
thug integration buffer.github.io/thug/ Low-interaction browser honeyclient • Windows (2K/XP/7) •
OS X • Android • Linux • IE 6-9 • Chrome 18-26 • Firefox (3,12,19) • Safari Adobe Reader and JRE plugin emulation as well
If you just want lots of data... Maltrieve is about
fresh evil bits. For lots and lots of evil bits, see VirusShare.com
Ongoing development and questions