2025-10-22 –, Europe
This lightning talk is about MIP (Malware Investigation Pipeline) - an automated forensic pipeline designed to extract threat intelligence from Cowrie honeypot snapshots. MIP leverages Dissect for forensic artifact extraction, integrates with VirusTotal to validate suspicious files, and publishes confirmed IOCs to MISP. By automating this process, MIP enables faster and more consistent generation of threat intelligence for collaborative defense.
👉 https://github.com/andreia-oca/malware-investigation-pipeline
Threat hunters are frequently faced with large volumes of compromised artifacts that demand fast triage and mitigation. Manual analysis often becomes a bottleneck, limiting the ability to respond effectively at a large scale.
MIP addresses this challenge by automating the end-to-end forensic investigation of QCOW2 disk images collected from Cowrie SSH honeypots. The pipeline extracts relevant forensic data using Dissect, validates findings against VirusTotal, and disseminates verified IOCs to MISP.
Andreia is a security engineer and teacher, passionate about empowering developers to write and deploy robust, bug-free code. A strong advocate for best practices in cloud security and backend development, she loves talking about technology and sharing insights with the tech community.