Demo Labs - malconfscan with cuckoo

Cite

DEF CON

Tani, Tamoaki et al.

Formal Metadata

Title

Demo Labs - malconfscan with cuckoo

Title of Series

DEF CON Safe Mode

Number of Parts

374

Author

Tani, Tamoaki

et al.

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/50823 (DOI)

Publisher

DEF CON

Release Date

2020

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

"MalConfScan with Cuckoo" is a tool for automatically extracting known Windows and Linux malware's configuration data. MalConfScan with Cuckoo works as a plug-in for Cuckoo Sandbox. Cuckoo Sandbox is a leading open-source automated malware analysis system. You can automatically dump malware configuration data by installing this plug-in on Cuckoo. This is a unique feature compared to other commercial Sandbox products. It supports over 30+ Windows and Linux malware families to extract the configuration data. Also, it can be used for the memory forensics tool for Windows/Linux OS as a Volatility plug-in. It helps to detect known/unknown malware and extract configuration data from memory images.