UNPACME is an automated malware unpacking service. Submissions to UNPACME are analyzed using a set of custom unpacking processes maintained by OpenAnalysis. These processes extract all packed payloads from the submission and return a unique set of payloads to the user. In short, UNPACME automates the first step in your malware analysis process.Unpack
Watch our tutorial videos where we demonstrate different malware analysis techniques and walk through the analysis of interesting malware samples. Each video is accompanied by samples and relevant tools so you can follow along in your lab. We also do user requests so if you would like to see us analyze something just send us an e-mail.Watch Now
Use our Google Chrome plugin to instantly enrich indicators directly from your browser. OA Pivot enables indicator searching across the leading public malware intelligence feeds and tools. Simply right click on any term you want to enrich and select the service you want to search. OA Pivot can be dowloaded from the Chrome Web Store.Install
We believe there is no substitute for a highly skilled, trained, and motivated analyst. When it comes to incident response investing in people rather than products has always been a winning strategy. With the amount of free online training resources currently available this investment is often as simple as ensuring your team members are provided free time for continuing education.We provide our training material for free but we also recognize the benefits of having a live instructor on-site. A live instructor is able to field questions and allow the students to dig deeper into the material. For this reason we offer tailored on-site versions for all of our training.
Whether you are in the enterprise using malware triage as a gate to your incident response process, or a researcher using triage as a way to identify interesting malware samples, Indicators of Compromise (IOCs) will serve as the feedback loop in your triage process.As a malware sample makes its way through your triage process the output should be an IOC. Not only will the IOC be used as part of your malware hunting process but it can also be used in future triage to avoid re-analyzing similar samples. The key to an efficient triage process is robust IOCs, the more robust your IOC the more variations of malware it will cover and the less time you will have to spend on re-analyzing similar samples.In this workshop we present an iterative approach to building robust malware indicators; first developing primary indicators, then mining open data for related malware samples, using the collection of similar samples to build robust IOCs, and finally testing the IOCs for effectiveness. We will cover multiple free tools that can assist with the use of primary indicators as pivots to mine open data repositories, as well as test the effectiveness of your IOCs. During the workshop we will use real malware samples with demonstrations to walk through each step in the process then support you as you perform your own analysis.This workshop is aimed at incident responders and malware analysts who have a basic understanding of malware and the malware triage process. However, this is not an advanced course and deep knowledge of reverse engineering and malware analysis is NOT required.Training Material
At Open Analysis our mission is to provide open, high quality, automated malware analysis services to organizations and individuals. We also provide malware analysis training and free malware analysis workshops. All of our open source tools and our automated malware analysis services are free for everyone to use.
Sean is a co-founder of Open Analysis, and volunteers as a malware researcher. He splits his time between reverse engineering malware and building automation tools for incident response. He is an active contributor to open source security tools focused on incident response and analysis. Sean brings over a decade of experience working in a number of incident response and application security roles with a focus on security testing and threat modelling.
Sergei is a co-founder of Open Analysis, and volunteers as a malware researcher. When he is not reverse engineering malware Sergei is focused on building automation tools for malware analysis. Sergei is a strong believer in taking an open, community approach to combating cyber crime. He actively contributes to open source tools and tries to publish as much analysis as possible. With over a decade in the security industry Sergei has extensive experience working at the intersection of incident response and threat intelligence.