Grey Matter

Patents

Apr/2017 - Method and Apparatus for Intelligent Aggregation of Threat Behavior for the Detection of Malware
An approach to automatically selecting and grouping aggregated threat-behavior indicators that capture dominant malware characteristics.

Dec/2014 - Using A Probability-based Model To Detect Random Content In A Protocol Field Associated With Network Traffic (US9680832B1)
A machine-learning model derived from stochastic processes that identifies and classifies random (and therefore suspicious) content in a protocol field of network traffic.
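As an added illustration of the general idea behind probability-based random-content detection (not the patented method, whose details this page does not give), the Python below scores a protocol field value with a first-order character-transition model trained on ordinary values. The training text, the test strings and the threshold rule are all constructed here for the example.

```python
"""
Scoring a protocol field value for randomness with a character-transition
(first-order Markov) model. Added illustration of the general idea; not the
patented method. Training text, test values and threshold rule are constructed.
"""
import math
import re
from collections import defaultdict

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789-."
START, END = "^", "$"
VOCAB = len(ALPHABET) + 2  # characters plus start/end markers, for smoothing


class TransitionModel:
    """P(next char | current char) with add-one smoothing, learned from normal values."""

    def __init__(self, samples):
        counts = defaultdict(lambda: defaultdict(int))
        for s in samples:
            seq = START + self._clean(s) + END
            for a, b in zip(seq, seq[1:]):
                counts[a][b] += 1
        self.logp = {}
        for a in [START] + list(ALPHABET):
            total = sum(counts[a].values()) + VOCAB
            for b in list(ALPHABET) + [END]:
                self.logp[(a, b)] = math.log((counts[a][b] + 1) / total)
        # Crude threshold (assumption): anything scoring below the weakest
        # training value is flagged. A real deployment calibrates on held-out data.
        self.threshold = min(self.score(s) for s in samples)

    @staticmethod
    def _clean(value: str) -> str:
        """Lower-case and drop characters outside the modelled alphabet."""
        return "".join(c for c in value.lower() if c in ALPHABET)

    def score(self, value: str) -> float:
        """Mean log-probability per transition; lower means less like normal values."""
        seq = START + self._clean(value) + END
        return sum(self.logp[(a, b)] for a, b in zip(seq, seq[1:])) / (len(seq) - 1)

    def is_random(self, value: str) -> bool:
        """True when the value is less predictable than every training value."""
        return self.score(value) < self.threshold


# Constructed "normal" corpus: ordinary English words standing in for the
# values a protocol field (for example a hostname label) usually carries.
NORMAL_TEXT = """
Analysts monitor network traffic to find hosts that talk to servers they have
never seen before. Most names in a protocol field are words or parts of words,
so a model of which letter tends to follow which letter gives ordinary names a
high probability and gives random labels a low one. The model learns from
normal traffic, scores each new value, and reports the ones that fall under
the threshold that was set from the training data. Common services such as
mail, login, update, search, store, support, images, static, portal, admin,
video, music, games, docs, help, forum, mobile, office, online, server, host,
web, home, cloud, shop, news, blog.
"""
NORMAL_VALUES = re.findall(r"[a-z]+", NORMAL_TEXT.lower())

MODEL = TransitionModel(NORMAL_VALUES)

if __name__ == "__main__":
    for v in ["internet", "another", "xq7zk93vwp1j", "9f3k1x7q"]:
        print(f"{v:16s} score={MODEL.score(v):.2f} random={MODEL.is_random(v)}")
```

Values built from transitions the model never saw (digits, rare letters) score well below ordinary words; the threshold taken from the training set's weakest value keeps false positives on seen vocabulary at zero while still catching clearly random labels.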

Sep/2014 - Deobfuscating Scripted Language For Network Intrusion Detection Using A Regular Expression Signature (US9419991B2)
An approach to normalizing obfuscated web scripts so that network security appliances can consume and operate on them.

Talks/Papers/Demos

Visual Network and File Forensics
This presentation demonstrates the effectiveness of visual tooling for malware and file-format forensics. It covers structural analysis and visualization of malware and network artifacts, including entropy and n-gram visualization and the use of compression ratio and theoretical minimum size to identify file type and packed content. A framework that automates these tasks is also presented. Attendees interested in network monitoring, signature writing, malware analysis and forensics will find the material useful.
29/Jul/2017 - DEF CON 25 Packet Hacking Village (Help Net Security)

Rudra: The Destroyer of Evil
Rudra aims to provide a developer-friendly framework for exhaustive analysis of PCAP and PE files. It scans files and generates reports that include structural properties, entropy visualization, compression ratio, theoretical minimum size, and so on. Together with file-format-specific analysis, these details help an analyst understand what kind of data a file embeds and quickly decide whether it deserves further investigation. For PE files it can perform API scans, anti-debug, anti-VM and anti-sandbox detection, packer detection and Authenticode verification, along with YARA, shellcode and regex matching.
06/Aug/2016 - DEF CON 24 Demo Labs
03/Aug/2016 - BlackHat USA 2016 Arsenal
28/Jul/2016 - OWASP Pune Meeting May/July 2016
31/Mar/2016 - BlackHat Asia 2016 Arsenal
13/Nov/2015 - BlackHat EU 2015 Arsenal
08/Aug/2015 - DEF CON 23 Demo Labs
05/Aug/2015 - BlackHat USA 2015 Arsenal (Help Net Security)
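Entropy, compression ratio and theoretical minimum size, the indicators named for both the Visual Network and File Forensics talk and Rudra above, can be computed in a few lines of Python. The block below is an added example written for this page and is not Rudra's code; the definition of theoretical minsize used here (Shannon entropy in bits per byte times length, divided by eight), the 256-byte window, the classification thresholds and the sample bytes are all assumptions made for the example.

```python
"""
Entropy, compression ratio and theoretical minimum size as packing indicators.
Added example, not Rudra's code. Definitions assumed here:
  - entropy: Shannon entropy in bits per byte (0..8)
  - compression ratio: len(zlib.compress(data)) / len(data)
  - theoretical minsize: entropy * len(data) / 8, the zeroth-order
    entropy-coding lower bound on compressed size, in bytes
"""
import math
import random
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def compression_ratio(data: bytes) -> float:
    """zlib-compressed size over original size; about 1.0 or more means incompressible."""
    if not data:
        return 0.0
    return len(zlib.compress(data, 9)) / len(data)


def theoretical_minsize(data: bytes) -> float:
    """Entropy-coding lower bound on size in bytes (entropy * n / 8)."""
    return shannon_entropy(data) * len(data) / 8


def windowed_entropy(data: bytes, window: int = 256, step: int = 256):
    """Entropy per fixed-size window: the series an entropy plot is drawn from."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), step)]


def ngram_counts(data: bytes, n: int = 2, top: int = 5):
    """Most frequent byte n-grams, useful for spotting structure and repetition."""
    c = Counter(data[i:i + n] for i in range(len(data) - n + 1))
    return c.most_common(top)


def classify_region(ent: float, ratio: float) -> str:
    """Heuristic label; the thresholds are assumptions chosen for 256-byte windows."""
    if ent > 6.8 and ratio > 0.95:
        return "packed/encrypted"
    if ent < 1.0:
        return "padding/sparse"
    return "code-or-text-like"


def scan(data: bytes, window: int = 256):
    """Return (offset, entropy, compression ratio, label) for each window of data."""
    out = []
    for off in range(0, len(data), window):
        chunk = data[off:off + window]
        e, r = shannon_entropy(chunk), compression_ratio(chunk)
        out.append((off, round(e, 2), round(r, 2), classify_region(e, r)))
    return out


# Constructed sample "file": readable text, zero padding, then a seeded
# pseudo-random blob standing in for a packed section. No real malware involved.
_rng = random.Random(1337)
SAMPLE = (b"MZ this is a readable header block, plain ASCII text. " * 5)[:256]
SAMPLE += b"\x00" * 256
SAMPLE += bytes(_rng.getrandbits(8) for _ in range(512))


if __name__ == "__main__":
    print("entropy:", round(shannon_entropy(SAMPLE), 3))
    print("ratio:", round(compression_ratio(SAMPLE), 3))
    print("minsize:", round(theoretical_minsize(SAMPLE), 1), "of", len(SAMPLE), "bytes")
    print("top bigrams:", ngram_counts(SAMPLE))
    for row in scan(SAMPLE):
        print(row)
```

The per-window scan is what an entropy plot visualizes: the text region sits around four bits per byte and compresses well, the zero padding collapses to nothing, and the pseudo-random tail is both near-maximal entropy and incompressible, which is the combination that flags packed or encrypted content.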

Flowinspect: Network Inspection Tool on Steroids
Flowinspect is a tool built specifically for network monitoring and inspection. It takes network traffic as input and extracts layer-4 flows from it. These flows are then passed through an inspection engine that filters out uninteresting traffic and extracts the network sessions of interest. For flows that meet the inspection criteria, the output mode dumps match statistics to stdout, to a file, or to both.
06/Aug/2014 - BlackHat USA 2014 Arsenal (ToolsWatch)
14/Feb/2014 - Nullcon 2014 (Video)
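The pipeline described for Flowinspect (traffic in, layer-4 flows out, an inspection engine over the flows, match statistics for the flows that hit) fits in a short Python script. The block below is an added example written for this page, not Flowinspect's code: it parses a classic pcap with the standard library, groups packets into direction-agnostic TCP/UDP flows, runs a regex over each flow's payload and returns per-flow match statistics. It assumes Ethernet/IPv4 framing, concatenates payloads in capture order without TCP sequence reassembly, and builds its own small pcap in memory so that it runs offline; the addresses, ports and payloads in that pcap are constructed.

```python
"""
Layer-4 flow extraction plus regex inspection over a pcap, in the shape the
Flowinspect description gives (flows in, matched sessions and statistics out).
Added example, not Flowinspect's code. Assumptions: Ethernet/IPv4 with TCP or
UDP only; payloads concatenated in capture order (no TCP sequence reassembly).
"""
import io
import re
import struct
from collections import defaultdict

ETH_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def read_pcap(blob: bytes):
    """Yield raw frames from a classic (non-pcapng) pcap held in memory."""
    magic = struct.unpack("<I", blob[:4])[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">"  # microsecond magic only
    off = 24  # skip the global header
    while off + 16 <= len(blob):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", blob[off:off + 16])
        off += 16
        yield blob[off:off + incl_len]
        off += incl_len


def parse_frame(frame: bytes):
    """Return (proto, src, sport, dst, dport, payload), or None if not IPv4 TCP/UDP."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    l4 = ip[ihl:total_len]
    if proto == PROTO_TCP:
        sport, dport = struct.unpack("!HH", l4[:4])
        hdr = ((l4[12] >> 4) & 0x0F) * 4  # data offset in 32-bit words
    elif proto == PROTO_UDP:
        sport, dport = struct.unpack("!HH", l4[:4])
        hdr = 8
    else:
        return None
    return proto, src, sport, dst, dport, l4[hdr:]


def flow_key(proto, src, sport, dst, dport):
    """Direction-agnostic key so both halves of a session land in one flow."""
    a, b = (src, sport), (dst, dport)
    return (proto,) + (a + b if a <= b else b + a)


def extract_flows(pcap_blob: bytes):
    """Group packets into layer-4 flows: key -> {'packets': n, 'payload': bytes}."""
    flows = defaultdict(lambda: {"packets": 0, "payload": b""})
    for frame in read_pcap(pcap_blob):
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        proto, src, sport, dst, dport, payload = parsed
        f = flows[flow_key(proto, src, sport, dst, dport)]
        f["packets"] += 1
        f["payload"] += payload
    return dict(flows)


def inspect(flows, pattern: bytes):
    """Run the regex over each flow's payload; return statistics for flows that match."""
    rx = re.compile(pattern, re.DOTALL)
    stats = {}
    for key, f in flows.items():
        hits = rx.findall(f["payload"])
        if hits:
            stats[key] = {"packets": f["packets"], "matches": len(hits), "first": hits[0]}
    return stats


# --- constructed pcap so the example runs offline (no real traffic) ---------
def _ipv4_tcp(src, sport, dst, dport, payload):
    """Build one Ethernet/IPv4/TCP frame; checksums are left zero on purpose."""
    eth = b"\x00" * 12 + struct.pack("!H", ETH_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, PROTO_TCP, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap (link type 1 = Ethernet)."""
    out = io.BytesIO()
    out.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for i, fr in enumerate(frames):
        out.write(struct.pack("<IIII", 1500000000 + i, 0, len(fr), len(fr)))
        out.write(fr)
    return out.getvalue()


SAMPLE_PCAP = build_pcap([
    _ipv4_tcp("10.0.0.5", 51234, "203.0.113.9", 80, b"GET /a.php?id=1 HTTP/1.1\r\nHost: x\r\n\r\n"),
    _ipv4_tcp("203.0.113.9", 80, "10.0.0.5", 51234, b"HTTP/1.1 200 OK\r\n\r\n<html>ok</html>"),
    _ipv4_tcp("10.0.0.5", 51235, "203.0.113.9", 80, b"GET /a.php?id=1' OR '1'='1 HTTP/1.1\r\n\r\n"),
    _ipv4_tcp("10.0.0.5", 51236, "198.51.100.7", 443, b"\x16\x03\x01\x00\x05hello"),
])

if __name__ == "__main__":
    flows = extract_flows(SAMPLE_PCAP)
    for key, st in inspect(flows, rb"(?i)'\s*or\s*'[^']*'\s*=\s*'").items():
        print(key, st)
```

The direction-agnostic key is the detail that matters for session-level inspection: request and response share one flow, so a pattern spanning both (or a statistic such as packets per session) is computed over the whole conversation rather than over each direction separately.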