Last known affiliation: Fraunhofer FKIE
Bio: Manuel Blatt works as a security researcher at Fraunhofer FKIE. In his master’s thesis, he focused on malware families written in the .NET framework and on the obfuscation schemes it enables. Manuel is also a primary contributor to MCRIT.
Daniel Plohmann 🗣 | Daniel Enders | Manuel Blatt
Abstract
Ever since launching Malpedia at Botconf 2017, we have continuously maintained and expanded our community-driven data set with the vision of exploring new ways to leverage it effectively for the research of and defense against malware. A primary research scope for us was working towards enabling efficient one-to-many code similarity analysis. After almost 4 years of research and development, we now finally want to share our results. With this presentation, we will publicly release MCRIT, the MinHash-based Code Relationship & Investigation Toolkit. After giving a short overview of the underlying techniques and implementation, we will explain in a series of practical examples how to apply MCRIT for the three primary use cases it has been geared towards so far:
- Malware family and library code differentiation to accelerate triage and analysis
- Isolation of unique family code to provide means for hunting towards their characteristics
- Lead generation for discovering potentially unknown links between samples and families