Hello,
I would like to inquire about the needed malware analysis features that are missing from your every day lives of malware analysis. We already have automated malware analysis systems like Malwr (Cuckoo), Joe Sandbox, Anubis, etc. This topic is meant to shed some light on the features you would like to have and are missing in current malware analysis systems. Below I'm providing a few of the features I'm missing in everyday life of malware analyst:
1. Malware analysis knowledge base: there's sometimes the case that you stumble upon a malware sample using a unique technique of doing some action that you haven't seen before. I miss a unified collection of techniques malware uses in order to achieve an action: like establishing a persistence behavior.
2. Not detailed enough: some automated malware analysis systems don't provide enough details about malware, like for example when malware injects a DLL into another process and executes from there.
3. Linux support: Linux is practically not supported by any automated malware analysis system (except joe sandbox is working on a solution). I would sometimes need such a system to come to my aid in malware analysis.
I would like to hear your thoughts about the three points outlined above and possibly hear new thoughts about needed features that would be beneficial for malware analysis.
Thank you for taking the time to reply and share knowledge/experience.
Regards,
I would like to inquire about the needed malware analysis features that are missing from your every day lives of malware analysis. We already have automated malware analysis systems like Malwr (Cuckoo), Joe Sandbox, Anubis, etc. This topic is meant to shed some light on the features you would like to have and are missing in current malware analysis systems. Below I'm providing a few of the features I'm missing in everyday life of malware analyst:
1. Malware analysis knowledge base: there's sometimes the case that you stumble upon a malware sample using a unique technique of doing some action that you haven't seen before. I miss a unified collection of techniques malware uses in order to achieve an action: like establishing a persistence behavior.
2. Not detailed enough: some automated malware analysis systems don't provide enough details about malware, like for example when malware injects a DLL into another process and executes from there.
3. Linux support: Linux is practically not supported by any automated malware analysis system (except joe sandbox is working on a solution). I would sometimes need such a system to come to my aid in malware analysis.
I would like to hear your thoughts about the three points outlined above and possibly hear new thoughts about needed features that would be beneficial for malware analysis.
Thank you for taking the time to reply and share knowledge/experience.
Regards,