Daniel Enders
Last known affiliation: TU Dortmund
Bio: Daniel Enders recently finished his studies in the Masters Programme for Computer Science at TU Dortmund University. In his master’s thesis, he performed an in-depth investigation of the static linking behavior of the Delphi and Golang programming languages. In this context, he showed how to effectively exclude library code from analysis, helping analysts to focus in intrinsic code. Daniel is a primary contributor of the MCRIT front-end.
Daniel Plohmann 🗣 | Daniel Enders | Manuel Blatt
Abstract (click to view)
Ever since launching Malpedia [1] at Botconf 2017, we continuously maintained and expanded our community-driven data set with the vision of exploring new ways to leverage it effectively for the research of and defense against malware. A primary research scope for us was working towards enabling efficient one-to-many code similarity analysis. After almost 4 years of research and development, we now finally want to share our results. With this presentation, we will publicly release MCRIT, the MinHash-based Code Relationship & Investigation Toolkit [2]. After giving a short overview of the underlying techniques and implementation, we will explain in a series of practical examples how to apply MCRIT for the three primary use cases it has been geared towards so far:
- Malware family and library code differentiation to accelerate triage and analysis
- Isolation of unique family code to provide means for hunting towards their characteristics
- Lead generation for discovering potentially unknown links between samples and families
