In this post I'd like to share some updates on the next release of the Hook Analyser project, v3.4.
In its current state, i.e. v3.3, Hook Analyser has two (2) key capabilities: Malware Analysis (static and dynamic) and (Open Source) Threat Intelligence (collection, correlation and visualisation).
I'd like to announce that one of my other projects, Incident Analyser, will be ported into Hook Analyser as a module called "Probe Engine".
The Probe Engine performs AD enumeration to extract information about registered machines, privileged accounts and related details. Once the list of machines is extracted, or a user-specified network range is provided, the Probe Engine will connect to each of the machines (credentials will be required) and extract information such as the external IPs the machines are connected to, process hashes and related information. This information will subsequently flow through the intelligence and malware analysis modules for further analysis and investigation.
As you'd imagine, this is a major step in terms of project maturity, and it may take some time. I'll try my best to release a working version as soon as possible.
At a high level, the project will address the following key use cases:
- Breach detection through information collection and correlation with open source intelligence
- Basic and Advanced Malware Analysis
- Security controls enrichment through collection and sharing of Indicators of Compromise (IOCs)
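The collect-then-correlate flow described above, as an added example (not Hook Analyser or Incident Analyser code): external IPs and process hashes gathered per host are matched against an IOC set. The record layout, host names, internal ranges and all indicator values are constructed assumptions.

```python
import hashlib
import ipaddress

# Assumed internal ranges; any address outside them counts as "external".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def sample_hash(label):
    """Constructed stand-in for a real process image hash."""
    return hashlib.sha256(label.encode()).hexdigest()

# Constructed IOC set (documentation-range IP, made-up hash).
IOC_IPS = {"203.0.113.45"}
IOC_HASHES = {sample_hash("constructed-bad-binary")}

# Constructed per-host collection results (hypothetical record layout).
HOSTS = [
    {"host": "WS-0142",
     "remote_ips": ["10.0.4.7", "203.0.113.45", "198.51.100.9"],
     "processes": {"updater.exe": sample_hash("constructed-bad-binary").upper(),
                   "notepad.exe": sample_hash("constructed-benign")}},
    {"host": "SRV-DB01", "remote_ips": ["192.168.1.20", "not-an-ip"],
     "processes": {"sqlservr.exe": sample_hash("constructed-benign-2")}},
]

def external_ips(raw_ips):
    """Keep parseable addresses that fall outside the internal ranges."""
    out = []
    for raw in raw_ips:
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            continue  # skip malformed collector output
        if not any(addr in net for net in INTERNAL_NETS):
            out.append(str(addr))
    return out

def correlate(hosts, ioc_ips, ioc_hashes):
    """Return {host: [(kind, indicator, context), ...]} for hosts with hits."""
    findings = {}
    for rec in hosts:
        hits = [("ip", ip, "outbound connection")
                for ip in external_ips(rec["remote_ips"]) if ip in ioc_ips]
        hits += [("hash", h.lower(), name)  # normalise case before matching
                 for name, h in rec["processes"].items() if h.lower() in ioc_hashes]
        if hits:
            findings[rec["host"]] = hits
    return findings
```

Calling `correlate(HOSTS, IOC_IPS, IOC_HASHES)` flags only the workstation, once for the outbound IP and once for the upper-cased hash that a case-sensitive comparison would have missed.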
Interested to see how the community is utilising Hook Analyser? The following are some noteworthy mentions:
- toolsmith: There Is No Privacy - Hook Analyser vs. Hacking Team
- https://isc.sans.edu/diary/Keeping+the+RATs+out%3A+the+trap+is+sprung+-+Part+3/18415
- https://www.youtube.com/watch?v=35teUHnZNGU (@59:00)
- https://digital-forensics.sans.org/summit-archives/DFIR_Summit/7-Sins-of-Malware-Analysis-Dominique-Kilman.pdf
- http://binaryhax0r.blogspot.com.au/2013/01/cve-2012-4792-hook-analyser.html
- http://www.darknet.org.uk/2014/05/hook-analyser-3-1-malware-analysis-tool/
- https://www.owasp.org/images/5/5b/RevEngMal.pptx