Skip to main content

Posts

Showing posts from June, 2020

Lupo — Malware IOC Extractor

Lupo — Malware IOC Extractor Debugging module for Malware Analysis Automation UPDATE: As requested by some readers, I have added a  video walk-through  at the end of this post, after the conclusion. Note: I was supposed to be teaching a class at Paranoia 2020 in Norway this year but the conference couldn’t go ahead due to COVID-19. As part of the class I was planning to release the beta version of this tool I wrote — Lupo . Since I couldn’t teach at Paranoia 2020, I decided to go ahead and release the tool anyway. The show must go on… Introduction Working on security incidents that involve malware, we come across situations on a regular basis where we feel the need to automate parts of the analysis process as complete manual analysis is, more often than not, not possible for every case due to many factors (time, skills, scale etc.). I wrote Lupo mainly to automate and accelerate the process as much as possible. Lupo is a dynamic analysis tool that can be used as a module with the deb