Open Analysis


UnpacMe (Free)

UNPACME is an automated malware unpacking service. Submissions to UNPACME are analyzed using a set of custom unpacking processes maintained by OpenAnalysis. These processes extract all packed payloads from the submission and return a unique set of payloads to the user. In short, UNPACME automates the first step in your malware analysis process.Unpack

Open Analysis Live!

Watch our tutorial videos where we demonstrate different malware analysis techniques and walk through the analysis of interesting malware samples. Each video is accompanied by samples and relevant tools so you can follow along in your lab. We also do user requests so if you would like to see us analyze something just send us an e-mail.Watch Now

OA Pivot

Use our Google Chrome plugin to instantly enrich indicators directly from your browser. OA Pivot enables indicator searching across the leading public malware intelligence feeds and tools. Simply right click on any term you want to enrich and select the service you want to search. OA Pivot can be dowloaded from the Chrome Web Store.Install


  • Our Philosophy

    We believe there is no substitute for a highly skilled, trained, and motivated analyst. When it comes to incident response investing in people rather than products has always been a winning strategy. With the amount of free online training resources currently available this investment is often as simple as ensuring your team members are provided free time for continuing education.We provide our training material for free but we also recognize the benefits of having a live instructor on-site. A live instructor is able to field questions and allow the students to dig deeper into the material. For this reason we offer tailored on-site versions for all of our training.

  • Crowdsourced Malware Triage

    Malware triage is an important function in any mature incident response program; the process of quickly analyzing potentially malicious files or URLs to determine if your organization has exposure. But what if you don’t have an incident response program? What if you are just setting one up? What if you don’t have the tools you need to perform your analysis? With the current offering of free online tools and the right mindset, a web browser and a notepad may be all you need.In this workshop you will work through the triage of a live Exploit Kit using only free online tools. We will provide an introduction and demo of each tool and support you as you perform your analysis.This workshop is aimed at junior incident responders, hobby malware analysts, and general security or IT practitioners who are interested in learning more about the malware triage process. If you have no experience with malware analysis but you are a strong developer and understand web technologies such as Javascript and Flash you should have no problem completing the workshop.Training Material

  • Malscripts Are The New Exploit Kit

    Traditionally malware triage has focused on exploit kits which were the initial infection vector of choice, but this is changing. In recent years malscripts and file based exploits have become an equally common initial infection vector. Often delivered via email, malscripts can take many different forms, WScript, Javascript, or embedded macros. However, the goal is always the same; obtain code execution and deliver a malicious payload.In this workshop you will work through the triage of a live malscript sample. During this process you will identify and extract malscripts from Office documents, manually deobfuscate the malscripts, circumvent anti-analysis techniques, and finally determine the purpose of the scripts and payload in order to develop countermeasures.This workshop is aimed at junior incident responders, hobby malware analysts, and general security or IT practitioners. If you have a good understanding of scripting languages like VBScript, and Javascript, and you are familiar with windows internals you should have no problem completing the workshop.Training Material

  • Using Open Data to Help Develop Robust Indicators

    Whether you are in the enterprise using malware triage as a gate to your incident response process, or a researcher using triage as a way to identify interesting malware samples, Indicators of Compromise (IOCs) will serve as the feedback loop in your triage process.As a malware sample makes its way through your triage process the output should be an IOC. Not only will the IOC be used as part of your malware hunting process but it can also be used in future triage to avoid re-analyzing similar samples. The key to an efficient triage process is robust IOCs, the more robust your IOC the more variations of malware it will cover and the less time you will have to spend on re-analyzing similar samples.In this workshop we present an iterative approach to building robust malware indicators; first developing primary indicators, then mining open data for related malware samples, using the collection of similar samples to build robust IOCs, and finally testing the IOCs for effectiveness. We will cover multiple free tools that can assist with the use of primary indicators as pivots to mine open data repositories, as well as test the effectiveness of your IOCs. During the workshop we will use real malware samples with demonstrations to walk through each step in the process then support you as you perform your own analysis.This workshop is aimed at incident responders and malware analysts who have a basic understanding of malware and the malware triage process. However, this is not an advanced course and deep knowledge of reverse engineering and malware analysis is NOT required.Training Material

Our Mission

At Open Analysis our mission is to provide open, high quality, automated malware analysis services to organizations and individuals. We also provide malware analysis training and free malware analysis workshops. All of our open source tools and our automated malware analysis services are free for everyone to use.

Research Team

Sean Wilson

Sean is a co-founder of Open Analysis, and volunteers as a malware researcher. He splits his time between reverse engineering malware and building automation tools for incident response. He is an active contributor to open source security tools focused on incident response and analysis. Sean brings over a decade of experience working in a number of incident response and application security roles with a focus on security testing and threat modelling.

Sergei Frankoff

Sergei is a co-founder of Open Analysis, and volunteers as a malware researcher. When he is not reverse engineering malware Sergei is focused on building automation tools for malware analysis. Sergei is a strong believer in taking an open, community approach to combating cyber crime. He actively contributes to open source tools and tries to publish as much analysis as possible. With over a decade in the security industry Sergei has extensive experience working at the intersection of incident response and threat intelligence.

Contact us