Internet-scale File Analysis

by Zachary Hanif, Tamas Lengyel, George Webster
Sept. 18, 2017 Black Hat

We have developed TOTEM, a system capable of coordinating, orchestrating, and scaling malware analytics across multiple cloud providers and thousands of running instances. New capabilities are easy to add, and it can intelligently segregate work based on features such as filetype, analytic duration, and computational complexity. TOTEM supports dynamic analysis through DRAKVUF, a novel open-source dynamic malware analysis system designed specifically to achieve unparalleled scalability while maintaining a high level of stealth and visibility into the executing sample. Building on the latest hardware virtualization extensions found in Intel processors and the Xen hypervisor, DRAKVUF remains completely hidden from the executing sample and requires no special software to be installed within the sandbox. This talk will discuss the design, implementation, and practical deployment of TOTEM and DRAKVUF to analyze tremendous numbers of binary files.
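The abstract says TOTEM segregates work by features such as filetype and analytic cost so that the pipeline scales. The following is an added illustration of that routing idea written for this page; it is not TOTEM's own code, and the magic-byte table, queue names, cost classes and size threshold are all assumptions chosen to make the example run offline on constructed inputs.

```python
"""Feature-based work segregation for a file-analysis pipeline.

Added example, not TOTEM's implementation. Samples are sorted into separate
work queues by filetype and an expected analysis cost, so cheap static checks
never wait behind long dynamic-sandbox runs. Queue names, the magic-byte
table, the cost model and the size threshold are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Assumed magic-byte table: leading bytes -> coarse filetype label.
MAGIC = [
    (b"MZ", "pe"),
    (b"\x7fELF", "elf"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
]

# Assumed cost model: filetype -> (queue name, expected seconds per sample).
# Dynamic analysis of executables is the long pole; documents and archives
# go to faster static analytics in this toy model.
ROUTES = {
    "pe": ("dynamic-sandbox", 180),
    "elf": ("dynamic-sandbox", 180),
    "pdf": ("static-document", 5),
    "zip": ("static-archive", 2),
}
UNKNOWN_ROUTE = ("static-generic", 1)
MAX_BYTES_FAST_PATH = 1_000_000  # assumed: larger inputs get a "-large" queue


@dataclass(frozen=True)
class Sample:
    name: str
    data: bytes


def detect_filetype(data: bytes) -> str:
    """Return a coarse filetype label from leading magic bytes, or 'unknown'."""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    return "unknown"


def route(sample: Sample) -> Tuple[str, int]:
    """Pick the work queue and expected duration for one sample.

    Segregation is on two features: filetype (which analytic applies) and
    size (a proxy for computational cost, so oversized inputs cannot stall
    the normal-sized batch).
    """
    ftype = detect_filetype(sample.data)
    queue, seconds = ROUTES.get(ftype, UNKNOWN_ROUTE)
    if len(sample.data) > MAX_BYTES_FAST_PATH:
        queue = f"{queue}-large"
        seconds *= 2  # assumed: large inputs roughly double analysis time
    return queue, seconds


def segregate(samples: Iterable[Sample]) -> Tuple[Dict[str, List[str]], Dict[str, int]]:
    """Group samples into queues and total the expected work per queue."""
    queues: Dict[str, List[str]] = defaultdict(list)
    expected: Dict[str, int] = defaultdict(int)
    for s in samples:
        q, secs = route(s)
        queues[q].append(s.name)
        expected[q] += secs
    return dict(queues), dict(expected)


# Constructed sample inputs (not real files): only the headers matter here.
SAMPLES = [
    Sample("a.exe", b"MZ" + b"\x00" * 62),
    Sample("b.bin", b"\x7fELF" + b"\x00" * 12),
    Sample("c.pdf", b"%PDF-1.7\n"),
    Sample("d.zip", b"PK\x03\x04" + b"\x00" * 26),
    Sample("e.dat", b"\x00\x01\x02\x03"),
    Sample("big.exe", b"MZ" + b"\x00" * 1_000_001),
]

if __name__ == "__main__":
    queues, expected = segregate(SAMPLES)
    for q in sorted(queues):
        print(f"{q:24s} {len(queues[q])} sample(s), ~{expected[q]}s expected")
```

The per-queue expected-seconds total is what a scheduler would use to decide how many workers each queue needs; keeping the slow dynamic-sandbox work on its own queues is what lets the fast static paths keep draining while long-running samples execute.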

Steven Ulm 7 months ago

This is a crazy idea in my opinion - but somehow I love it. Good luck with the final implementation!