Hachi: An Intelligent threat mapper


    Friday from 10:00 – 11:50 in Sunset 5 at Planet Hollywood
    Audience: Defense, Malware, Threat Intelligence
    Parmanand Mishra

    The ATT&CK framework has become a benchmark in the security domain. ATT&CK provides data about each technique used across different attack stages. Hachi was created to contribute to the ATT&CK community. Hachi is based on the radare2 framework and uses data provided by ATT&CK to map the symptoms of malware onto the ATT&CK matrix.

    The following modules of Hachi make this tool a great addition to an analyst’s or company’s armaments:

    • Threat Intel: Hachi provides threat intelligence data like a possible parent campaign or author of a malware file.
    • Malware behavior: It uncovers core malware behaviors using automated static analysis coupled with symbolic execution to explore multiple execution paths, and maps them onto the ATT&CK matrix.
    • RESTful API: Hachi provides a RESTful API that enables the tool to integrate seamlessly with malware processing frameworks.
    • Visualization: It allows for the creation of detailed visual reports.
    • Integration with Threat Intel feeds: It can be integrated with different threat intelligence feeds for enhanced security or expanded insights.

    The primary aim of this tool is to act as a force multiplier for the InfoSec community and aid the analysis of malware.

    https://github.com/Kart1keya/Hachi

    Parmanand Mishra
    Parmanand Mishra is a security enthusiast who is currently working as a Senior Malware Researcher at Qualys Inc. He works on malware analysis and adversary simulation based on ATT&CK and loves creating tools for the same. He has spoken at security conferences like c0c0n and goes by Kart1keya on GitHub.