Submit your malware (hash) for analysis and our volunteers will attempt to identify the malware family and provide a preliminary malware triage report. If the results are insufficient for your needs you will be provided with the option of submitting the binary for further in-depth analysis. Please only submit hashes for samples that are uploaded to VirusTotal.
Watch our tutorial videos where we demonstrate different malware analysis techniques and walk through the analysis of interesting malware samples. Each video is accompanied by samples and relevant tools so you can follow along in your lab. We also do user requests so if you would like to see us analyze something just send us an e-mail.
Use our Google Chrome plugin to instantly enrich indicators directly from your browser. OA Pivot enables indicator searching across the leading public malware intelligence feeds and tools. Simply right-click on any term you want to enrich and select the service you want to search. OA Pivot can be downloaded from the Chrome Web Store.
We believe there is no substitute for a highly skilled, trained, and motivated analyst. When it comes to incident response, investing in people rather than products has always been a winning strategy. With the amount of free online training resources currently available, this investment is often as simple as ensuring your team members are provided free time for continuing education.
We provide our training material for free but we also recognize the benefits of having a live instructor on-site. A live instructor is able to field questions and allow the students to dig deeper into the material. For this reason we offer tailored on-site versions for all of our training.
Malware triage, the process of quickly analyzing potentially malicious files or URLs to determine if your organization has exposure, is an important function in any mature incident response program. But what if you don’t have an incident response program? What if you are just setting one up? What if you don’t have the tools you need to perform your analysis? With the current offering of free online tools and the right mindset, a web browser and a notepad may be all you need.
In this workshop you will work through the triage of a live Exploit Kit using only free online tools. We will provide an introduction and demo of each tool and support you as you perform your analysis.
In this workshop you will work through the triage of a live malscript sample. During this process you will identify and extract malscripts from Office documents, manually deobfuscate the malscripts, circumvent anti-analysis techniques, and finally determine the purpose of the scripts and payload in order to develop countermeasures.
Whether you are in the enterprise using malware triage as a gate to your incident response process, or a researcher using triage as a way to identify interesting malware samples, Indicators of Compromise (IOCs) will serve as the feedback loop in your triage process.
As a malware sample makes its way through your triage process, the output should be an IOC. Not only will the IOC be used as part of your malware hunting process, but it can also be used in future triage to avoid re-analyzing similar samples. The key to an efficient triage process is robust IOCs: the more robust your IOC, the more variations of malware it will cover and the less time you will have to spend on re-analyzing similar samples.
In this workshop we present an iterative approach to building robust malware indicators: first developing primary indicators, then mining open data for related malware samples, using the collection of similar samples to build robust IOCs, and finally testing the IOCs for effectiveness. We will cover multiple free tools that can assist with the use of primary indicators as pivots to mine open data repositories, as well as test the effectiveness of your IOCs. During the workshop we will use real malware samples with demonstrations to walk through each step in the process, then support you as you perform your own analysis.
This workshop is aimed at incident responders and malware analysts who have a basic understanding of malware and the malware triage process. However, this is not an advanced course and deep knowledge of reverse engineering and malware analysis is NOT required.
Open Analysis is a volunteer organization. Our goal is to provide high quality malware analysis services to organizations and individuals who need to temporarily augment their capabilities. Our analysis is actionable, relevant, and agnostic. We clearly differentiate between facts and hypotheses and provide all information required to proceed with incident response. We also provide free malware analysis training and maintain a suite of free open source malware analysis and incident response tools.
All of our open source tools and our automated malware analysis services are free for everyone to use. Unless discretion is specifically requested by a client, all of our malware reports are shared free through our OALabs portal. We are not intelligence brokers; we are malware analysts and former incident responders who want to help in the fight against malware.
Sean is a co-founder of Open Analysis, and volunteers as a malware researcher. He splits his time between reverse engineering malware and building automation tools for incident response. He is an active contributor to open source security tools focused on incident response and analysis. Sean brings over a decade of experience working in a number of incident response and application security roles with a focus on security testing and threat modelling.
Sergei is a co-founder of Open Analysis, and volunteers as a malware researcher. When he is not reverse engineering malware, Sergei is focused on building automation tools for malware analysis. Sergei is a strong believer in taking an open, community approach to combating cyber crime. He actively contributes to open source tools and tries to publish as much analysis as possible. With almost a decade of experience, Sergei has held roles both as the manager of an incident response team and as a malware researcher.