I published the following diary on isc.sans.org: “IOC’s: Risks of False Positive Alerts Flood Ahead“. Yesterday, I wrote a blog post which explained how to interconnect a Cuckoo sandbox and the MISP sharing platform. MISP has a nice REST API that allows you to extract useful IOC’s in different formats.
With the number of attacks that we are facing today, defenders are looking for more and more IOC’s (“Indicator of Compromise) to feed their security solutions (firewalls, IDS, …). It becomes impossible to manage all those IOC’s manually and automation is the key. There are two main problems with this
Following the presentation that I made at the RMLL 2014 last week, I slightly changed my malware analysis setup. The goal is to make it fully operational “offline“. Indeed, today we are always “on“, Internet is everywhere and it’s easy to get a pipe. However, sometimes it’s better to not send packets
I’m a Cuckoo user for a long time therefore it was a good opportunity to read the book “Cuckoo Malware Analysis” and write a quick review (The book is published by Packt Publishing). For the readers who don’t know what Cuckoo is, here is a brief introduction… Malwares are a
Claudio Guarnieri and his developers gave us a great gift to finish the year. A few days before Christmas, they released the version 0.5 of Cuckoo, the open source malware analysis system. What’s new in this release? Plenty of nice stuffs! I won’t review there here, have a look at
The new version (0.4) of Cuckoo, the open source  malware analysis system has been released this week. That’s a great news! The list of changes and new features is very impressive. So big that an upgrade is not recommended. In my case, I just installed a brand new Cuckoo instance.
Today, classic anti-virus protections are not enough reliable to protect against modern malwares. To have a better understanding and, if possible, block them, it’s best to execute the code in a safe environment and to analyze its behaviour. Does it create new processes or files, are outbound connections performed via
