Malware Information Sharing Project

This will be an introduction to MISP. It's a community, a history of attacks, and a defender's tool. If you're nervous about the technology details, don't be: it's also a chance to learn how malware analysts and incident responders do their work protecting people and computers.

For anyone

Format

This is an in-person walkthrough. Ask questions freely, and learn about malware and indicators of compromise.

Materials

  • None.

Introduction

Malware attacks happen frequently. Where do we go when the news is too slow to find out what attacks are happening?

MISP is an open source project. It's a server, it's a community, it's crowdsourcing anti-virus signatures.

Steps to Complete

  1. Check out the open source development

    A platform for sharing, storing and correlating Indicators of Compromise of targeted attacks. Discover how MISP is used today in multiple organisations, not only to store, share and collaborate on malware, but also to use the IOCs to detect and prevent attacks. Find out more here.

  2. Ask questions during the demo

    I'll demo the system I have access to. I'd ask you to keep some of the information you see off the record. However, I do encourage you to ask questions about malware analysis and how MISP is used.

  3. Do you use GPG?

    Ask for an account: give me an email address to use with a MISP account.

Glossary

GPG

GNU Privacy Guard (email encryption).

IoCs

Indicators of Compromise

Follow-up Resources & Materials

Greetz & shout outs

CIRCL.LU, Alexandre Dulaunoy, Raphael Vinot, Marion Marschalek