Automating dynamic malware analysis

Using a DevOps toolchain for deploying, maintaining and monitoring dynamic malware analysis sandbox solutions.

When it comes to determining if a file is malicious or not, there is a lot to take into consideration before you can give your final answer. Sometimes a benign-looking Word document can encrypt your files, and sometimes an important piece of software can be classified as malware. To be able to determine which is which, you need to use a plethora of tools working together to give you the necessary data for such a decision.

Some of these tools include malware analysis sandboxes. These tools are used for executing files in isolated environments and tracking the behavior of said files. Setup of such an environment is no trivial task, but things get much more complicated when you need to analyze tens of thousands of files per day using more than one sandbox solution.

My day-to-day job includes using different tools and technologies for deploying and automating such systems so that end users, be they threat analysts or client companies, can get their data just by uploading a file via a REST API. Tools and technologies that I use include Python, Ceph, Jenkins, Ansible, KVM, VirtualBox, InfluxDB, Grafana, RMQ and some more.

The end result is a system that provides some of the data that is used for identifying if some file is malicious or not and what the impact of running that file on your system is. It has its own flaws and benefits, limitations and advantages, and it is the most useful when it is observed as just a part of your defense and threat intelligence tool belt.


Saturday, 2019-10-12 @ 15:00
> Skill level: intermediate
> Duration: 25 min

Krešimir Kuhar

Shortly after getting my master's degree in Information Technology in Education at the Faculty of Organization and Informatics, I started to work at a (then) small software development company called Serengeti. There I spent four years working on different projects for our clients. Projects that I've worked on include developing telecommunications, logistics, and public administration systems using Java technologies.

After four years I decided to change the path of my career and applied for the job of Junior DevOps engineer at ReversingLabs. There I switched my focus from Java to Python and CI/CD tools and started to learn about the art of system administration and automation in the field of threat intelligence and cyber security.

Currently I'm working as a DevOps engineer, maintaining existing and implementing new sandbox solutions in our dynamic analysis cluster and also helping other teams to integrate those solutions into our appliances.

My other interests include science fiction and chess.
