\documentclass[graphics]{beamer}
\usepackage{graphicx}
\begin{document}
\title{MalwareDB: Bookkeeping for malicious \& benign samples}
\author[]{Richard Zak (@rjzak)}
\date{10 January 2025}
\begin{frame}{}
\maketitle
\end{frame}
\begin{frame}{\texttt{whoami}}
\begin{itemize}
\item Programmer; malware \& machine learning researcher at {\small \$\{DAYJOB\}}
\item Linux, Rust, \& open source enthusiast
\end{itemize}
\end{frame}
\begin{frame}{Core features}
\begin{itemize}
\item Store \& retrieve samples
\item Store metadata \& parsed features
\item Search based on fuzzy hashes
\begin{itemize}
\item SSDeep, LZJD
\item TLSH
\end{itemize}
\item Organize samples by source \& hierarchical labels
\item Provide context to files
\item Optional data enrichment via VirusTotal (opt-in; consider what sample data, if any, may leave your environment when enabling it)
\item Optional at-rest encryption of stored samples so host anti-virus does not quarantine or delete them (protects the store's integrity; it is not a substitute for access control on the server)
\end{itemize}
\end{frame}
\begin{frame}{Motivation}
MalwareDB lets you ask questions of your data:
\begin{itemize}
\item When was the sample acquired and from where?
\item Is there overlap between datasets? Undiscovered relationship?
\item What do I know about the sample?
\end{itemize}
\end{frame}
\begin{frame}{Architecture}
\begin{itemize}
\item Client/server applications
\begin{itemize}
\item Documented HTTP API for third-party access/integration
\end{itemize}
\item Postgres backend
\item Open source
\item Written in Rust!
\end{itemize}
\end{frame}
\begin{frame}{Future}
\begin{itemize}
\item Provide metadata for some malware collections, likely starting with VirusShare.
\item Store samples for training machine learning models
\begin{itemize}
\item Clustering to show related samples
\item Classification for benign vs. malicious
\end{itemize}
\end{itemize}
\end{frame}
{
\setbeamertemplate{background}
{
\includegraphics[scale=0.36]{IMG_4760.jpg}
}
\begin{frame}
\end{frame}
}
\begin{frame}{Getting it}
Github: \url{https://github.com/malwaredb/malwaredb-rs}
\includegraphics[scale=0.4]{github-qr.png}
Crates.io: \url{https://crates.io/crates/malwaredb}
\par\medskip
\texttt{cargo install malwaredb}
\par
\texttt{cargo install malwaredb-client}
\end{frame}
\end{document}