DEF CON Safe Mode Demo Labs - Tomoaki Tani - MalConfScan with Cuckoo
About this talk
"MalConfScan with Cuckoo" is a tool that automatically extracts configuration data from known Windows and Linux malware. It works as a plug-in for Cuckoo Sandbox, a leading open-source automated malware analysis system. Once the plug-in is installed on Cuckoo, malware configuration data is dumped automatically. This feature is unique compared to commercial sandbox products. The tool can extract configuration data from more than 30 Windows and Linux malware families. It can also be used as a memory forensics tool for Windows and Linux, in the form of a Volatility plug-in, where it helps to detect known and unknown malware and extract configuration data from memory images.