  1. Method and Apparatus for Intelligent Aggregation of Threat Behavior for the Detection of Malware (Apr/2017)
    An attempt towards automated selection and grouping of aggregated threat behavior indicators depicting dominant malware characteristics.

  2. Using A Probability-based Model To Detect Random Content In A Protocol Field Associated With Network Traffic (Dec/2014 | US9680832B1)
    A machine learning model derived from stochastic processes to identify and classify random/malicious content in network traffic.

  3. Deobfuscating Scripted Language For Network Intrusion Detection Using A Regular Expression Signature (Sep/2014 | US9419991B2)
    An attempt towards normalizing obfuscated web scripts for network security appliances to consume and operate upon.


  1. Angad: Framework for Multi-Dimensional Malware Visualization
    Angad is a framework to automate classification of an unlabelled malware dataset using multi-dimensional modelling. The input dataset is analyzed to collect various attributes, which are then arranged in a number of feature vectors. These vectors are individually visualized, indexed and then queried for each new input file. Matching vectors are labelled according to their AV detection categories for now, but this could be changed to a heuristics approach if needed. If dynamic behavior or network traffic details are available, vectors are also converted into activity graphs that depict the evolution of activity over a predefined time scale. This results in an animation of malware family or category behavior traits and is also useful in identifying activity overlaps across the input dataset.
    Aug/2018 - DEF CON 26 Demo labs
    Sep/2018 - GrrCON 2018 (Video)
    Sep/2018 - BSides Zürich 2018
    Oct/2018 - SecTor 2018

  2. Visual Network and File Forensics
    This presentation aims to demo the effectiveness of visual tooling for malware and file-format forensics. It covers structural analysis and visualization of malware and network artifacts. Techniques such as entropy/n-gram visualization, and the use of compression ratio and theoretical minsize to identify file type and packed content, will be shown. Along with this, a framework that helps automate these tasks will be presented. Attendees with an interest in network monitoring, signature writing, malware analysis and forensics will find this presentation useful.
    Oct/2017 - Virus Bulletin (VB2017)
    Jul/2017 - DEF CON 25 Packet Hacking Village Video (Help Net Security)

  3. Rudra: The Destroyer of Evil
    Rudra aims to provide a developer-friendly framework for exhaustive analysis of (PCAP and PE) files. It provides features to scan and generate reports that include the file's structural properties, entropy visualization, compression ratio, theoretical minsize, etc. These details, along with file-format specific analysis information, help an analyst understand the type of data embedded in a file and quickly decide if it deserves further investigation. It supports scanning PE files and can perform API scans, anti{debug, vm, sandbox} detection, packer detection, authenticode verification, along with Yara, shellcode, and regex detection upon them.
    06/Aug/2016 - DEF CON 24 Demo Labs
    03/Aug/2016 - BlackHat USA 2016 Arsenal
    28/Jul/2016 - OWASP Pune Meeting May/July 2016
    31/Mar/2016 - BlackHat Asia 2016 Arsenal
    13/Nov/2015 - BlackHat EU 2015 Arsenal
    08/Aug/2015 - DEF CON 23 Demo Labs
    05/Aug/2015 - BlackHat USA 2015 Arsenal (Help Net Security)
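    The entropy, compression-ratio and theoretical-minsize checks that the Visual Network and File Forensics talk (item 2) and Rudra (item 3) both describe, as an added illustration that is not the tools' own code: the thresholds and the two sample buffers are assumptions constructed here.

```python
import hashlib
import math
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def theoretical_minsize(data: bytes) -> int:
    """Entropy-coding lower bound in bytes (len * H / 8), the 'theoretical minsize'."""
    return math.ceil(len(data) * shannon_entropy(data) / 8)


def compression_ratio(data: bytes) -> float:
    """Compressed size / original size; close to 1.0 means already packed or encrypted."""
    if not data:
        return 0.0
    return len(zlib.compress(data, 9)) / len(data)


def classify(data: bytes, entropy_threshold: float = 7.0, ratio_threshold: float = 0.9) -> str:
    """Heuristic label; the thresholds are assumptions, not values from the original tools."""
    h, r = shannon_entropy(data), compression_ratio(data)
    if h >= entropy_threshold and r >= ratio_threshold:
        return "packed-or-encrypted"
    if h < 5.0:
        return "plaintext-like"
    return "mixed"


def pseudo_random_bytes(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy sample built from a SHA-256 chain (constructed input)."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


# Constructed samples: a repetitive HTTP-like text buffer vs a high-entropy buffer
TEXT_SAMPLE = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n" * 64
RANDOM_SAMPLE = pseudo_random_bytes(4096)

if __name__ == "__main__":
    for name, blob in (("text", TEXT_SAMPLE), ("random", RANDOM_SAMPLE)):
        print(name, round(shannon_entropy(blob), 2), theoretical_minsize(blob),
              round(compression_ratio(blob), 3), classify(blob))
```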

  4. Flowinspect: Network Inspection Tool on Steroids
    Flowinspect is a tool developed specifically for network monitoring and inspection purposes. It takes network traffic as input and extracts layer 4 flows from it. These flows are then passed through an inspection engine that filters and extracts interesting network sessions. For flows that meet inspection criteria, the output mode dumps match statistics to either stdout or a file or both.
    06/Aug/2014 - BlackHat USA 2014 Arsenal (ToolsWatch)
    14/Feb/2014 - Nullcon 2014 (Video)
