
Macaroni: Integrate Yara sigs with VirusTotal Intelligence

Published in: Technology

  1. Macaroni: Bringing the Penguin to your Browser! (Image: Macaroni penguin, Eudyptes chrysolophus)
  2. What is Macaroni?
     Macaroni Extension:
       • Browser extension
       • Matches files in VirusTotal to yara signatures
     Macaroni Server:
       • Stores yara match notifications, mapping files to yara signatures
       • REST API to search, add, update, and delete yara match notifications
  3. Macaroni Extension
       • Drag-and-drop installation
       • Cross-platform
       • Seamless integration with VTMIS
  4. Search Results: default VTMIS search results (screenshot)
  5. Search Results: VTMIS search results with Macaroni (screenshot)
  6. Tags: tags from yara signature notifications (screenshot)
  7. Tag Search: search the Penguin for tags from within VTMIS! (screenshot)
  8. Tag Search: immediately find the samples you're looking for (screenshot)
  9. Macaroni Server
     Responsibilities:
       • answer queries from the Macaroni Extension
       • store file hashes mapped to yara signatures
       • manage users
     Stack: Elasticsearch, Flask, User Model, gunicorn, Nginx
  10. API Query: request and response (screenshot)
  11. API Query: response content (screenshot)
  12. Flask App
       • a modular structure so new modules can easily be plugged in
       • highly configurable
  13. Redis Cache (screenshot)
  14. User Management (screenshot)
  15. Deployment
       • Vagrant
       • Ansible
       • Phansible (www.phansible.com)
     To create a local dev environment: vagrant up
     To deploy to a remote server: ansible-playbook playbook.yml
  16. Live Demo
  17. Q&A
     Nick Summerlin
     nick@themalwarelab.com
     nick@sinkhole.me
     nsummerlin
     https://github.com/iSIGHTPartners/macaroni_extension.git
     https://github.com/iSIGHTPartners/macaroni_server.git
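The slides describe the server as a store of yara match notifications (file hash mapped to the yara signatures and tags that hit it), fronted by a REST API that the extension queries to decorate VTMIS search results and to search by tag. The following is an added example, not code from the Macaroni project: a self-contained Python model of that data flow. It replaces Elasticsearch with in-memory dicts and Flask routing with a plain dispatcher so it runs offline; the route paths (/api/notification, /api/hash/<sha256>, /api/tag/<tag>, /api/lookup), the JSON field names (sha256, rule, tags), and the sample hashes and rule names are all assumptions constructed for the example. One point worth keeping from it: the extension is an untrusted client, so the hash it sends is validated as a sha256 before it reaches any backend query.

```python
import re

SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")


class MatchStore:
    """In-memory stand-in for the Elasticsearch index the real server uses.

    Maps sha256 -> {rule name -> set of tags}, plus a reverse tag index so the
    extension's tag search does not have to scan every document.
    """

    def __init__(self):
        self._by_hash = {}  # sha256 -> {rule: set(tags)}
        self._by_tag = {}   # tag -> set(sha256)

    @staticmethod
    def normalize(sha256):
        # The extension is an untrusted client: reject anything that is not a
        # sha256 before it is used in a backend query.
        if not isinstance(sha256, str) or not SHA256_RE.match(sha256):
            raise ValueError("expected a 64-hex-character sha256")
        return sha256.lower()

    def upsert(self, sha256, rule, tags=()):
        """Record (or extend) a yara match notification for one file."""
        sha256 = self.normalize(sha256)
        rules = self._by_hash.setdefault(sha256, {})
        rules.setdefault(rule, set()).update(tags)
        for tag in tags:
            self._by_tag.setdefault(tag, set()).add(sha256)
        return self.lookup(sha256)

    def lookup(self, sha256):
        """Unknown hashes answer with empty lists rather than an error; the
        extension simply shows no tags for them."""
        sha256 = self.normalize(sha256)
        rules = self._by_hash.get(sha256, {})
        tags = set().union(*rules.values()) if rules else set()
        return {"sha256": sha256, "rules": sorted(rules), "tags": sorted(tags)}

    def lookup_many(self, hashes):
        """Batch query used to decorate one page of VT search results.
        Malformed entries are skipped instead of failing the whole batch."""
        return {h: self.lookup(h) for h in hashes
                if isinstance(h, str) and SHA256_RE.match(h)}

    def search_tag(self, tag):
        return sorted(self._by_tag.get(tag, ()))

    def delete(self, sha256, rule=None):
        """Delete one rule's notification for a file, or all of them if rule is None.
        Returns False when there was nothing to delete."""
        sha256 = self.normalize(sha256)
        rules = self._by_hash.get(sha256)
        if not rules:
            return False
        removed = False
        for r in ([rule] if rule is not None else list(rules)):
            if r not in rules:
                continue
            removed = True
            for tag in rules.pop(r):
                # keep the tag index consistent: drop the hash from a tag only
                # if no remaining rule on this file still carries that tag
                if not any(tag in others for others in rules.values()):
                    self._by_tag.get(tag, set()).discard(sha256)
                    if not self._by_tag.get(tag):
                        self._by_tag.pop(tag, None)
        if not rules:
            del self._by_hash[sha256]
        return removed


def handle(store, method, path, body=None):
    """Dispatch one request the way the REST API would. Returns (status, payload).
    Routes are assumptions for this example, not the project's real endpoints."""
    parts = [p for p in path.split("/") if p]
    try:
        if method == "GET" and len(parts) == 3 and parts[:2] == ["api", "hash"]:
            return 200, store.lookup(parts[2])
        if method == "GET" and len(parts) == 3 and parts[:2] == ["api", "tag"]:
            return 200, {"tag": parts[2], "hashes": store.search_tag(parts[2])}
        if method == "POST" and parts == ["api", "lookup"]:
            return 200, store.lookup_many(body["hashes"])
        if method in ("POST", "PUT") and parts == ["api", "notification"]:
            result = store.upsert(body["sha256"], body["rule"], body.get("tags", []))
            return (201 if method == "POST" else 200), result
        if method == "DELETE" and len(parts) == 3 and parts[:2] == ["api", "hash"]:
            if store.delete(parts[2], rule=(body or {}).get("rule")):
                return 200, {"deleted": parts[2].lower()}
            return 404, {"error": "no notification for that hash/rule"}
    except (KeyError, TypeError, ValueError) as exc:
        # missing body, missing field, or a hash that failed validation
        return 400, {"error": str(exc)}
    return 404, {"error": "no such route"}


def annotate_results(store, rows):
    """The extension's client-side step: decorate rows of a VTMIS search
    result page with the tags the server knows for each hash."""
    _, found = handle(store, "POST", "/api/lookup",
                      {"hashes": [row["sha256"] for row in rows]})
    return [dict(row, macaroni_tags=found.get(row["sha256"], {}).get("tags", []))
            for row in rows]


if __name__ == "__main__":
    store = MatchStore()
    # constructed notifications with placeholder hashes, not real VirusTotal data
    for note in [
        {"sha256": "a" * 64, "rule": "apt_dropper", "tags": ["apt", "dropper"]},
        {"sha256": "a" * 64, "rule": "packed_upx", "tags": ["packer"]},
        {"sha256": "b" * 64, "rule": "apt_dropper", "tags": ["apt"]},
    ]:
        handle(store, "POST", "/api/notification", note)
    print(handle(store, "GET", "/api/tag/apt"))
    print(annotate_results(store, [{"sha256": "a" * 64, "name": "invoice.exe"},
                                   {"sha256": "junk", "name": "readme.txt"}]))
```

The upsert-on-POST behaviour means a second notification for the same file and rule only adds tags, which is what you want when the same rule fires repeatedly; the delete path shows the bookkeeping a reverse tag index needs so that removing one rule's match does not strip a tag still backed by another rule on the same file.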
