Invincea, Inc., profile picture
Uploaded byInvincea, Inc.
PPTX, PDF955 views

Webcast: The Similarity Evidence Explorer For Malware

The document discusses the Similarity Evidence Explorer for malware, a data visualization tool developed by Robert Gove, aimed at aiding malware analysts in comparing malware attributes efficiently. The tool enables large-scale comparisons through features like histograms and detailed visualizations, facilitating the analysis of numerous malware samples. For further information and access to the tool, users are directed to the Cynomix website.

Software
Related topics:
Malware Analysis Guide

Embed presentation

Download to read offline
The Similarity Evidence Explorer for Malware A SCALABLE VISUALIZATION FOR COMPARING MALWARE ATTRIBUTES Robert Gove Senior Research Engineer, LABS | FAIRFAX, VA 2/18/2015 1
Meet the Presenter Robert Gove is a Senior Research Engineer at Invincea Labs. He is a data visualization expert who has recently worked on Cynomix, a web- based community malware triage tool. He has several years of experience designing and implementing novel visualizations to support analysts in answering complicated questions. Robert has a Master of Science in Computer Science from The University of Maryland where his thesis was on evaluating visualization tools for citation network exploration.
Malware Analysis Use Case SITUATION: Major corporation hacked • Stack of malware to analyze • Need to compare to other malware
Scale Is Overwhelming
Need to Compare Malware comparison 1 %s Connected! /fetch.py cmd.exe __getmainargs _controlfp add “HKCU” advapi32.dll AllocConsole Analog CloseHandle cmd.exe CreatePipe DeleteFileA FileSize InternetConnect InternetOpen InternetOpenUrl kernel32.dll read failed lstrlenA . . . focal sample %s Connected! /fetch.py cmd.exe __getmainargs _controlfp Accept:*/* add “HKCU” advapi32.dll Analog CloseHandle cmd.exe CreatePipe DeleteFileA FileSize InternetConnect InternetOpen InternetOpenUrl kernel32.dll read failed lstrcatA . . . comparison 2 /install __getmainargs __p__commode _controlfp _strnicmp add “HKCU” advapi32 Analog cd-rom check service CloseServiceHandle cmdpath= CopyPathA DeleteFileA Install service HTTPQueryInfo InternetOpen InternetOpenUrl read failed lstrcatA . . . comparison n /install __getmainargs __p__fmode _initterm _strcmpi Accept:*/* add “HKCU” advapi32 tcp cmdpath= CopyFileA FileSize Install service HTTPQueryInfo InternetOpen InternetOpenUrl read failure lstrcatA msvcrt.dll net start . . . …
Existing Malware Viz Tools compare system calls [Trinius et al, 2009] [Saxe et al, 2012] individual malware [Conit et al, 2008] [Quist and Lierbrock, 2009] [Domas, 2012]
Similarity Evidence Explorer for Malware
Similarity Histogram overview of similarity with focal sample
Venn Diagram List
Relationship Matrix
SEEM Demo [ DEMO ] try it yourself: www.cynomix.org
SEEM Conclusion • Large-scale malware comparison –Comparison overviews with histograms –Detailed visualizations of comparisons compare large group of malware across sets of strings, DLLs, and function calls Interested? www.cynomix.org cynomix@invincea.comSupported by DARPA award FA8750-10-C-0169 as part of Cyber Genome
Questions? @Invincea @InvinceaLabs @rpgove Learn more about Invincea’s solutions or visit our website at www.invincea.com Contact us at 1-855-511-5967

More Related Content

PPTX
Outpost24 webinar: best practice for external attack surface management
byOutpost24
 
PPTX
Advanced Threat Protection
byLan & Wan Solutions
 
PPTX
What is Next-Generation Antivirus?
byRyan G. Murphy
 
PPTX
IOCs for modern threat landscape-slideshare
bySai Kesavamatham
 
PPTX
Penetration Testing vs. Vulnerability Scanning
bySecurityMetrics
 
PDF
The 4 Levels of Open Source Risk Management
byBlack Duck by Synopsys
 
PPTX
Tech Throwdown: Secure Containerization vs Whitelisting
byInvincea, Inc.
 
PPTX
Webinar: Operation DeathClick: Uncovering Micro-Targeted Malvertising Against...
byInvincea, Inc.
 
Outpost24 webinar: best practice for external attack surface management
byOutpost24
 
Advanced Threat Protection
byLan & Wan Solutions
 
What is Next-Generation Antivirus?
byRyan G. Murphy
 
IOCs for modern threat landscape-slideshare
bySai Kesavamatham
 
Penetration Testing vs. Vulnerability Scanning
bySecurityMetrics
 
The 4 Levels of Open Source Risk Management
byBlack Duck by Synopsys
 
Tech Throwdown: Secure Containerization vs Whitelisting
byInvincea, Inc.
 
Webinar: Operation DeathClick: Uncovering Micro-Targeted Malvertising Against...
byInvincea, Inc.
 

What's hot

PDF
Client-Side Penetration Testing Presentation
byChris Gates
 
PPTX
Sandboxing
byLan & Wan Solutions
 
PPTX
Sandboxing
byLan & Wan Solutions
 
PPTX
Outpost24 Webinar - Five steps to build a killer Application Security Program
byOutpost24
 
PPTX
Managing Open Source in Application Security and Software Development Lifecycle
byBlack Duck by Synopsys
 
PPTX
Hide and seek - Attack Surface Management and continuous assessment.
byEoin Keary
 
PDF
Cyber Kill Chain Deck for General Audience
byTom K
 
PDF
Application Security Testing(AST)
byArvind Bhardwaj [AB]
 
PDF
Web Application Penetration Testing
byPriyanka Aash
 
PPTX
Continuous Automated Red Teaming (CART) - Bikash Barai
byAllanGray11
 
PPTX
Improve threat detection with hids and alien vault usm
byAlienVault
 
PDF
Threat Modeling Everything
byAnne Oikarinen
 
PPTX
OTG - Practical Hands on VAPT
byshiriskumar
 
PPTX
Secure application deployment in the age of continuous delivery
byTim Mackey
 
PDF
Declaration of Mal(WAR)e
byNetSPI
 
PPTX
Secure application deployment in Apache CloudStack
byTim Mackey
 
PPTX
Security in the Age of Open Source
byBlack Duck by Synopsys
 
PPTX
Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...
byOutpost24
 
PDF
Mobile Application Security Threats through the Eyes of the Attacker
bybugcrowd
 
PDF
Open Source in Application Security
byBlack Duck by Synopsys
 
Client-Side Penetration Testing Presentation
byChris Gates
 
Sandboxing
byLan & Wan Solutions
 
Sandboxing
byLan & Wan Solutions
 
Outpost24 Webinar - Five steps to build a killer Application Security Program
byOutpost24
 
Managing Open Source in Application Security and Software Development Lifecycle
byBlack Duck by Synopsys
 
Hide and seek - Attack Surface Management and continuous assessment.
byEoin Keary
 
Cyber Kill Chain Deck for General Audience
byTom K
 
Application Security Testing(AST)
byArvind Bhardwaj [AB]
 
Web Application Penetration Testing
byPriyanka Aash
 
Continuous Automated Red Teaming (CART) - Bikash Barai
byAllanGray11
 
Improve threat detection with hids and alien vault usm
byAlienVault
 
Threat Modeling Everything
byAnne Oikarinen
 
OTG - Practical Hands on VAPT
byshiriskumar
 
Secure application deployment in the age of continuous delivery
byTim Mackey
 
Declaration of Mal(WAR)e
byNetSPI
 
Secure application deployment in Apache CloudStack
byTim Mackey
 
Security in the Age of Open Source
byBlack Duck by Synopsys
 
Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...
byOutpost24
 
Mobile Application Security Threats through the Eyes of the Attacker
bybugcrowd
 
Open Source in Application Security
byBlack Duck by Synopsys
 

Viewers also liked

PPTX
Detection and Analysis of 0-Day Threats
byInvincea, Inc.
 
PPTX
Stop Watering Holes, Spear-Phishing and Drive-by Downloads
byInvincea, Inc.
 
PPTX
Endpoint Security Evasion
byInvincea, Inc.
 
PPT
Minimizing Dwell Time On Networks In IR With Tapio
byInvincea, Inc.
 
PPT
Invincea: Reasoning in Incident Response in Tapio
byInvincea, Inc.
 
PDF
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
byXEventsHospitality
 
PPTX
Agile Methods and Data Warehousing
byKent Graziano
 
PPTX
SAP fashion ambassador overview December 2013
byLayla Sabourian
 
PPTX
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
byInvincea, Inc.
 
PPTX
PoS Malware and Other Threats to the Retail Industry
byInvincea, Inc.
 
PPT
CRM & Multi-Channel Marketing Theatre; The route from local to global: managi...
byTFM&A
 
PDF
Threats to the Grid | Cyber Challenges Impacting the Energy Sector
byInvincea, Inc.
 
DOC
Press Release
byDana Hammer-Eden
 
PDF
The A-List_Final_Low Res
byGeorgia Barnett
 
Detection and Analysis of 0-Day Threats
byInvincea, Inc.
 
Stop Watering Holes, Spear-Phishing and Drive-by Downloads
byInvincea, Inc.
 
Endpoint Security Evasion
byInvincea, Inc.
 
Minimizing Dwell Time On Networks In IR With Tapio
byInvincea, Inc.
 
Invincea: Reasoning in Incident Response in Tapio
byInvincea, Inc.
 
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
byXEventsHospitality
 
Agile Methods and Data Warehousing
byKent Graziano
 
SAP fashion ambassador overview December 2013
byLayla Sabourian
 
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
byInvincea, Inc.
 
PoS Malware and Other Threats to the Retail Industry
byInvincea, Inc.
 
CRM & Multi-Channel Marketing Theatre; The route from local to global: managi...
byTFM&A
 
Threats to the Grid | Cyber Challenges Impacting the Energy Sector
byInvincea, Inc.
 
Press Release
byDana Hammer-Eden
 
The A-List_Final_Low Res
byGeorgia Barnett
 

Similar to Webcast: The Similarity Evidence Explorer For Malware

PPTX
Malware and Anti-Malware Seminar by Benny Czarny
byOPSWAT
 
PDF
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
bySegInfo
 
PDF
SANS Digital Forensics and Incident Response Poster 2012
byRian Yulian
 
PPTX
Malware classification using Machine Learning
byJapneet Singh
 
PPTX
detection and classification of malware.pptx
byJamesFranklen
 
PDF
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
bySam Bowne
 
PDF
CH1- Introduction to malware analysis-v2.pdf
byWajdiElhamzi3
 
PPTX
Malware analysis
byPrakashchand Suthar
 
PDF
CNIT 126: Ch 2 & 3
bySam Bowne
 
PPTX
Basic malware analysis
byCysinfo Cyber Security Community
 
PPTX
Practical Malware Analysis: Ch 2 Malware Analysis in Virtual Machines & 3: Ba...
bySam Bowne
 
PDF
Automated In-memory Malware/Rootkit Detection via Binary Analysis and Machin...
byMalachi Jones
 
PPT
Test Strategies & Common Mistakes
byfrisksoftware
 
PDF
Practical Incident Response - Work Guide
byEduardo Chavarro
 
PPT
A Fast Flowgraph Based Classification System for Packed and Polymorphic Malwa...
bySilvio Cesare
 
PDF
How do we detect malware? A step-by-step guide
byMarcus Botacin
 
PDF
A Scalable Approach for Malware Detec2on through Bounded Feature Space Behavi...
byLionel Briand
 
PDF
Nataraj.pdf
byHambardeAtharva
 
PDF
Security Challenges of Antivirus Engines, Products and Systems
byAntiy Labs
 
PPTX
SAMBA - Luka Pavol - 12.3.2014
byAnton Bittner
 
Malware and Anti-Malware Seminar by Benny Czarny
byOPSWAT
 
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
bySegInfo
 
SANS Digital Forensics and Incident Response Poster 2012
byRian Yulian
 
Malware classification using Machine Learning
byJapneet Singh
 
detection and classification of malware.pptx
byJamesFranklen
 
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
bySam Bowne
 
CH1- Introduction to malware analysis-v2.pdf
byWajdiElhamzi3
 
Malware analysis
byPrakashchand Suthar
 
CNIT 126: Ch 2 & 3
bySam Bowne
 
Basic malware analysis
byCysinfo Cyber Security Community
 
Practical Malware Analysis: Ch 2 Malware Analysis in Virtual Machines & 3: Ba...
bySam Bowne
 
Automated In-memory Malware/Rootkit Detection via Binary Analysis and Machin...
byMalachi Jones
 
Test Strategies & Common Mistakes
byfrisksoftware
 
Practical Incident Response - Work Guide
byEduardo Chavarro
 
A Fast Flowgraph Based Classification System for Packed and Polymorphic Malwa...
bySilvio Cesare
 
How do we detect malware? A step-by-step guide
byMarcus Botacin
 
A Scalable Approach for Malware Detec2on through Bounded Feature Space Behavi...
byLionel Briand
 
Nataraj.pdf
byHambardeAtharva
 
Security Challenges of Antivirus Engines, Products and Systems
byAntiy Labs
 
SAMBA - Luka Pavol - 12.3.2014
byAnton Bittner
 

Recently uploaded

PDF
First Semester BCA Fundamentals of Computers – Solved Question Paper (Kuvempu...
byKuvempu University
 
PPTX
The OpenChain China Mini-Summit at COSCON 2025
byShane Coughlan
 
PPTX
Application Security – Static Application Security Testing (SAST)
byLalit Jagotra
 
PDF
Reusable technology: Saving development time with shared Unity plug-ins and S...
byBruno Cicanci
 
PDF
Guidewire Vs. Openkoda: Customizable, Open Alternative to Lagacy Core Systems
byOpenkoda
 
PPTX
OpenChain at Okinawa Event on the 4th of December 2025
byShane Coughlan
 
PDF
API_SECURITY CONSULTANCY SERVICES IN USA
bydavidjohansen1597
 
PPTX
application security presentation 2 by harman
byharmanideapad
 
PDF
Licensing for Software-as-a-Service (SaaS)
byteam-WIBU
 
PDF
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 
PDF
Resource-Levelled Critical-Path Analysis Balancing Time, Cost and Constraints
byOrangescrum
 
PPTX
#15 All About Anypoint MQ - Calicut MuleSoft Meetup Group
bycalicutmulesoftmeetu
 
PPTX
GDS Integration Solution | GDS Integration Service
byyugababu033
 
PDF
PeopleSoft Lift and Shift to Oracle Cloud Infrastructure.pdf
byAstuteBusiness
 
PPTX
Binance Smart Chain Development Guide.pptx
bylakshubadai
 
PPTX
Deep Dive into Durable Functions, presented at Cloudbrew 2025
byJoonas Westlin
 
PPTX
AI-Powered Clinic Management Software for Trichology Clinics in India Enhanci...
byEasy Clinic
 
PDF
Navigating SEC Regulations for Crypto Exchanges Preparing for a Compliant Fut...
byzak jasper
 
PDF
Operating System (OS) :UNIT-I Introduction to Operating System BCA SEP SEM-II...
byKuvempu University
 
PDF
Data structure using C :UNIT-I Introduction to Data structures and Stacks BCA...
byKuvempu University
 
First Semester BCA Fundamentals of Computers – Solved Question Paper (Kuvempu...
byKuvempu University
 
The OpenChain China Mini-Summit at COSCON 2025
byShane Coughlan
 
Application Security – Static Application Security Testing (SAST)
byLalit Jagotra
 
Reusable technology: Saving development time with shared Unity plug-ins and S...
byBruno Cicanci
 
Guidewire Vs. Openkoda: Customizable, Open Alternative to Lagacy Core Systems
byOpenkoda
 
OpenChain at Okinawa Event on the 4th of December 2025
byShane Coughlan
 
API_SECURITY CONSULTANCY SERVICES IN USA
bydavidjohansen1597
 
application security presentation 2 by harman
byharmanideapad
 
Licensing for Software-as-a-Service (SaaS)
byteam-WIBU
 
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 
Resource-Levelled Critical-Path Analysis Balancing Time, Cost and Constraints
byOrangescrum
 
#15 All About Anypoint MQ - Calicut MuleSoft Meetup Group
bycalicutmulesoftmeetu
 
GDS Integration Solution | GDS Integration Service
byyugababu033
 
PeopleSoft Lift and Shift to Oracle Cloud Infrastructure.pdf
byAstuteBusiness
 
Binance Smart Chain Development Guide.pptx
bylakshubadai
 
Deep Dive into Durable Functions, presented at Cloudbrew 2025
byJoonas Westlin
 
AI-Powered Clinic Management Software for Trichology Clinics in India Enhanci...
byEasy Clinic
 
Navigating SEC Regulations for Crypto Exchanges Preparing for a Compliant Fut...
byzak jasper
 
Operating System (OS) :UNIT-I Introduction to Operating System BCA SEP SEM-II...
byKuvempu University
 
Data structure using C :UNIT-I Introduction to Data structures and Stacks BCA...
byKuvempu University
 

Webcast: The Similarity Evidence Explorer For Malware

  • 1.
    The Similarity Evidence Explorerfor Malware A SCALABLE VISUALIZATION FOR COMPARING MALWARE ATTRIBUTES Robert Gove Senior Research Engineer, LABS | FAIRFAX, VA 2/18/2015 1
  • 2.
    Meet the Presenter RobertGove is a Senior Research Engineer at Invincea Labs. He is a data visualization expert who has recently worked on Cynomix, a web- based community malware triage tool. He has several years of experience designing and implementing novel visualizations to support analysts in answering complicated questions. Robert has a Master of Science in Computer Science from The University of Maryland where his thesis was on evaluating visualization tools for citation network exploration.
  • 3.
    Malware Analysis UseCase SITUATION: Major corporation hacked • Stack of malware to analyze • Need to compare to other malware
  • 4.
  • 5.
    Need to CompareMalware comparison 1 %s Connected! /fetch.py cmd.exe __getmainargs _controlfp add “HKCU” advapi32.dll AllocConsole Analog CloseHandle cmd.exe CreatePipe DeleteFileA FileSize InternetConnect InternetOpen InternetOpenUrl kernel32.dll read failed lstrlenA . . . focal sample %s Connected! /fetch.py cmd.exe __getmainargs _controlfp Accept:*/* add “HKCU” advapi32.dll Analog CloseHandle cmd.exe CreatePipe DeleteFileA FileSize InternetConnect InternetOpen InternetOpenUrl kernel32.dll read failed lstrcatA . . . comparison 2 /install __getmainargs __p__commode _controlfp _strnicmp add “HKCU” advapi32 Analog cd-rom check service CloseServiceHandle cmdpath= CopyPathA DeleteFileA Install service HTTPQueryInfo InternetOpen InternetOpenUrl read failed lstrcatA . . . comparison n /install __getmainargs __p__fmode _initterm _strcmpi Accept:*/* add “HKCU” advapi32 tcp cmdpath= CopyFileA FileSize Install service HTTPQueryInfo InternetOpen InternetOpenUrl read failure lstrcatA msvcrt.dll net start . . . …
  • 6.
    Existing Malware VizTools compare system calls [Trinius et al, 2009] [Saxe et al, 2012] individual malware [Conit et al, 2008] [Quist and Lierbrock, 2009] [Domas, 2012]
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
    SEEM Demo [ DEMO] try it yourself: www.cynomix.org
  • 12.
    SEEM Conclusion • Large-scalemalware comparison –Comparison overviews with histograms –Detailed visualizations of comparisons compare large group of malware across sets of strings, DLLs, and function calls Interested? www.cynomix.org cynomix@invincea.comSupported by DARPA award FA8750-10-C-0169 as part of Cyber Genome
  • 13.
    Questions? @Invincea @InvinceaLabs @rpgove Learn more aboutInvincea’s solutions or visit our website at www.invincea.com Contact us at 1-855-511-5967