Saturday, March 19, 2016

Update - Hook Analyser Project

Readers,

On this post I'd like to share some of the updates on the next release of Hook Analyser project v3.4.

In the current state i.e. v3.3, Hook Analyser has got the two (2) key capabilities: Malware Analysis (static and dynamic) and (Open Source) Threat Intelligence (collection, correlation and visualisation).

I'd like to announce that one of my other projects - Incident Analyser will be ported into Hook Analyser as a module called "Probe Engine".

The Probe Engine performs AD enumeration to extract information about registered machines, privileged accounts-related details etc. Once the list of the machines is extracted, or a user-specified network range is provided, Probe engine will connect to each of the machine (credential will be required) and extract information such as external IPs where machines are connected with, processes hashes related information etc. This information will subsequently flow through the intelligence and malware analysis module for further analysis and investigation.

As you'd imagine, this is a major step in terms of the project maturity - and it may take some time. I'll try my best to release a working version as soon as possible.

At a high-level, the project will address following key use cases -
  • Breach detection through information collection and co-relation with open source intelligence
  • Basic and Advanced Malware Analysis
  • Security controls enrichment through collection and sharing of Indicators of Compromise (IOCs) 



Interested to see how community is utilising Hook Analyser? Following are some noteworthy mentions -

Tuesday, March 8, 2016

Hook Analyser 3.3 Release and A Great News!

Readers,

2015 was an incredible year for Hook Analyser for several reasons e.g. new functionalities introduced, several critical bugs were fixed and of course "the new baby - ThreatIntel module" was added as well. The ThreatIntel module was introduced as a value-add to the malware analysis module/engine. However, I admit that I underestimated its value : The ThreatIntel module has become bigger than ever with over 200 commits in the last 12 months. This is attributed to the requests of Hook Analyser users.

I'd like to announce that Hook Analyser was awarded as "Toolsmith Tool of the Year 2015". This wouldn't have been accomplished without the support of loyal Hook Analyser users and admirers. Thanks all for your vote of confidence on this project. As a chief-developer and architect of this project, this recognition does provide me a lot of energy to continue to build cool things. If you have any new idea or would like to partner with the solution, please feel free to reach out to me. The project is becoming bigger each day and if you'd like to contribute to it then give me a shout.

On this occasion, I'd also like to release the new version of Hook Analyser v3.3. Several improvements have been made on this release as following -

  • ThreatIntel module can now parse pdf files as well (along with text and pcap files) for extracting IOCs, and can then perform keyboard-based intelligence on it
  • Several bug-fixes and improved stability





You may download the tool from here.


There is one more thing to add - 

In the current state i.e. v3.3, Hook Analyser has got the two (2) key capabilities: Malware Analysis (static and dynamic) and (Open Source) Threat Intelligence (collection, correlation and visualisation).

I'd like to announce that one of my other projects - Incident Analyser will be ported into Hook Analyser as a module called "Probe Engine" in the version 3.4.  Click here to get information about the next release.