Internet-Scale File Analysis

Explore an advanced system for large-scale malicious file analysis in this 46-minute Black Hat conference talk. Delve into the challenges of analyzing diverse file types beyond traditional PE32 files, including PDFs and Office documents. Learn about TOTEM, a cloud-based orchestration system capable of coordinating and scaling malware analytics across multiple providers and thousands of instances. Discover how TOTEM intelligently segregates work based on file type, analysis duration, and computational complexity. Examine DRAKVUF, an open-source dynamic malware analysis system designed for unparalleled scalability, stealth, and visibility. Understand how DRAKVUF leverages Intel's hardware virtualization extensions and the Xen hypervisor to remain hidden from executing samples while monitoring both kernel-mode rootkits and user-space applications. Gain insights into the design, implementation, and practical deployment of TOTEM and DRAKVUF for analyzing vast numbers of binary files at an internet scale.