|
|
Development Environment for YARA Language
Kašťák, Matej ; Křivka, Zbyněk (referee) ; Regéciová, Dominika (advisor)
Cieľom tejto práce je vytvoriť vývojové prostredie pre jazyk YARA. Najprv, definujeme jazyk YARA spolu s tým ako je používaný v rámci Avastu. Ďalej, uvedieme súčasné trendy vývojových prostredí a ako sú typicky rozšírené. Použitím týchto informácií definujeme tri návrhové koncepty YDE, YLS a YARI, ktoré budú implementované ako výsledok tejto práce. Na koniec rozoberieme použité metódy testovania, spätnú väzbu používateľov a možné vylepšenia do budúcnosti.
|
|
|
Extending YARA Language
Kender, Tomáš ; Zobal, Lukáš (referee) ; Regéciová, Dominika (advisor)
This thesis is focused at improvements for a tool called YARA, which is used for describing malware patterns and finding these patterns in files that are subject for scanning. We will add new syntactic features and improve the scanning process of behavioral files generated by Cuckoo Sandbox. During the process of adding these features, we will extend lexical and syntactic rules of the language, introduce a dynamic array type, optimize bytecode and implement a new command for it. The output of this thesis is going to be a new version of YARA that simplifies rule writing for malware analysts and aims to improve scanning performance of behavioral data.
|
|
|
Multiplatform Linux Sandbox for Analyzing IoT Malware
Uhříček, Daniel ; Burget, Radek (referee) ; Kolář, Dušan (advisor)
Analýza IoT malwaru je problematická zejména pro množství a rozlišnost architektur procesorů používaných IoT zařízeními. Práce shrnuje možnosti statické, dynamické a síťové analýzy Linuxového malwaru a hodnotí existující open source řešení oddělených běhových prostředí pro automatizovanou analýzu. Práce navrhuje modulární, rozšířitelný systém s~jednoduchými možnostmi nasazení, dostupnou API a webovým rozhraním. Výsledná implementace podporuje pět architektur a byla testována na vzorcích IoT malwaru.
|
|
|
Analysis and Detection of RAT Malware
Sidor, Samuel ; Frolka, Jakub (referee) ; Hajný, Jan (advisor)
Goal of this bachelor’s thesis is studying problematics of various types of malware with specific focus on RAT (Remote Access Trojan) category. This thesis will also acquaint reader with static and dynamic binary analysis and terms like reverse engineering, sandboxing, decompilation, etc. Then chosen malware families will be analysed and for these families detection rules in YARA language will be created. Except this, reader will be acquainted also with protection against RAT malware and finally data acquired from detail analysis will be evaluated.
|
|
|
Improved Pattern Generation for Detection of Malicious Code
Štěpánek, Martin ; Regéciová, Dominika (referee) ; Křivka, Zbyněk (advisor)
This thesis deals with an automatic pattern generation, that can be used for detection of malicious code. The aim of this thesis is to create a tool to help the analysts to detect malware. Approaches of malware detection used in Avast Software are reviewed. A tool called YaraGen, which was improved in this work, is presented. New analyses implemented for YaraGen are introduced. The main contribution of this thesis are behavioral analyses of a malicious code.
|
|
|
Phishing Detection in Web Pages
Beňo, Marek ; Hrivňák, Ján (referee) ; Holkovič, Martin (advisor)
This work deals with the design of a phishing attack detection and classification tool. The work describes techniques and forms of phishing attacks and availible tools and techniques for phishing detection. Based on the analysis of existing tools a solution for file classification is proposed. Implemented tool handles input parsing and creation of input model. Model is based on hybrid analysis of input file and URL. Using the YARA tool, YARA rules are applied which are then used in creation of input classification. Analysis of input model and definition of classification rules is enabled by implemented YARA module. Implemented solution makes it possible to define YARA rules for phishing classification based on the structural properties of a phishing file and features of source URL.
|
|
|
Methods of Ransomware Analysis and Detection
Vojtáš, Samuel ; Kolář, Dušan (referee) ; Zobal, Lukáš (advisor)
The purpose of this thesis is to demonstrate the threat of malware and to describe its forms. Special focus is put on ransomware - its historical evolution, method of analysis, detection, and recovery from it. Various techniques of reverse engineering are also introduced alongside concepts related to it, such as static and dynamic analysis or sandboxing. Paper centers around creating detection mechanisms and malware classification. Company Avast provided samples of several ransomware families for the analysis to create detection YARA rules and to describe samples' behavior. The process of development of detection mechanisms for ransomware threats is shown alongside the method to decrypt files encrypted by various ransomware families that contained cryptography errors. The end of the thesis sums up the resulting data regarding the efficiency of defense mechanisms.
|
|
|
System for Pattern Recognition in Binary Files
Milkovič, Marek ; Kolář, Dušan (referee) ; Matula, Peter (advisor)
Malicious software spreads really fast in the age of the Internet and it harms users and their data. Therefore, it is necessary to improve methods of how we deal with its analysis, so we can protect potential victims. This thesis deals with design and implementation of system for generating patterns out of executable files in cooperation with AVG Technologies. The goal of this work is to create a tool that generates a detection pattern from the set of binary files. This work further proposes new types of analyses for extraction of information out of executable files. Designed and implemented system is used in practice for analysis of new malicious code and it is integrated into the clustering system.
|
|
|
Analysis and Detection of PWS Malware
Blažek, Jan ; Křoustek, Jakub ; Dzurenda, Petr
Cyberdefense became important, especially duringthe last decade. The rapid growth of information technologiescaused a significant increase in cyber attacks and threats onthe Internet. Malware analysis forms a critical component ofcyberdefense mechanisms. In this article, we study the issue ofmalicious code and its various types, with a specific focus on thetype known as PassWord Stealers (PWS). To do so, we deployedseveral methods of analyzing binary executable code, such asstatic and dynamic analysis, and sandboxing. We analyze 11recently discovered malware families. From that, we discovered3 new strains of malware, namely SevenStealer, NeedleDropper,and AtlantidaStealer. Furthermore, we have created appropriatedetection rules for all of these malware, which have improvedthe detection capabilities of Avast anti-virus (AV) softwareworldwide. At the end of this article, we present the resultingdata illustrating the spread of analyzed malware in the user baseof the Avast company.
|
|
| |
guest ::
