Build your own malware analysis pipeline using open source tools
10-18, 09:00–12:00 (Europe/Luxembourg), Vianden&Wiltz

During almost a decade of our malware analysis experience in, we have tried many different approaches. Most of them failed but we have learned a lot about what works and what does not. Finally, after several years of development, we publicly released a bunch of projects that we are proud of: a complete open-source malware repository and analysis platform.
The workshop will provide practical hands-on introduction to all aspects of the platform:
mwdb: community-based online service for analysis and sharing of malware samples. The service is freely available to a white-hat researchers and provides fully-automated malware extraction and botnet tracking.
mwdb core: self-hosted repository of samples and all kinds of technical information related to malware configurations.
karton: microservice framework for highly scalable and fault-resistant malware analysis workflows. We will explain the installation and configuration quickly and spend the rest of time on adapting workflows to the karton framework.
malduck is our library for malware extraction and analysis. We will explain how to use it effectively and how to create your own modules.
All components are already available on our GitHub page:

Hands-on workshop showcasing MWDB, mwdblib, Karton and malduck.

IMPORTANT: please remember to take your laptop with you. You will need to have a working Linux environment, with a docker-compose and Python installed.

Security researcher at

Paweł Srokosz is a security researcher and a malware analyst at CERT.PL, constantly digging for fire and doing reverse engineering of ransomware and botnet malware. Main developer of open-source projects for malware analysis automation: MWDB Core and Karton. Free-time spends on playing CTFs as a p4 team member.