Entries by Two Six Staff

Invincea Labs publishes two papers on machine learning malware detection

Recently, my colleagues and I published two papers demonstrating the potential for practical machine learning based detection of malware. The first paper was presented at the 2015 AI-Sec Workshop in Denver on October 16th. The second paper was presented at the 2015 MALCON conference in Puerto Rico on October 20th. While the two papers have similar end […]

Invincea Performs Visual Analysis of OpCleaver Using Cynomix

Anup Ghosh, Invincea’s CEO, posted a report on the Operation Cleaver malware, which includes analysis conducted by Invincea Labs researcher Giacomo Bergamo using Cynomix. Cynomix is a community analysis engine developed by Invincea Labs; it is free for malware researchers everywhere to use to upload, analyze, or browse malware samples. See Anup’s full report on OpCleaver to get all […]

Invincea Takes Initial Look at Regin Malware with Cynomix

Following the disclosure earlier this week of a sophisticated espionage campaign dating back to 2011, Invincea obtained the 33 Regin malware samples and performed an in-depth analysis using Cynomix. Invincea identified a cluster of 20 malware samples that all had code-sharing relationships with each other. Cynomix’s CrowdSource technology also automatically identified the capabilities of 11 […]

Invincea Labs publishes two malware visual analysis papers at VizSec 2014

Invincea Labs’ research engineers published two papers in this year’s proceedings of Visualization for Cyber Security (VizSec). The papers describe research that the authors and their teammates performed under DARPA’s Cyber Genome program on performing malware analysis at scale. In the first paper, Robert Gove and his coauthors describe their work on the Similarity Evidence […]

Invincea Labs Publishes New Research Paper on Automated Malware Analysis

A new research paper from Invincea Labs on CrowdSource, led by Associate Research Director Josh Saxe, has been accepted for publication at MALWARE 2014. Josh Saxe will give a presentation at the conference, held October 28-30. Funded by DARPA’s Cyber Fast Track, CrowdSource advances automated malware analysis by leveraging technical documents from the web, such as Stack Overflow, […]

Invincea Analyzes CrowdStrike Putter Panda Intrusion Set with Cynomix

Pat Belcher, Invincea’s Director of Security Analytics, has performed an in-depth analysis of the Putter Panda intrusion set using the Cynomix platform. In the analysis, Cynomix clearly shows that there is no code-sharing relationship between the Putter Panda and APT1 malware samples. Leveraging CrowdSource’s automatic capability detection, his analysis with Cynomix also identifies the capabilities for […]

Invincea Labs to Give Two Presentations at Black Hat

This year Invincea Labs will give two presentations at Black Hat. Josh Saxe will present new research on a scalable approach for analyzing code-sharing relationships among millions of malicious binaries. Giacomo Bergamo will present Cynomix, Invincea’s new platform for automated malware analysis and visualization. Below are the full descriptions of their presentations. A SCALABLE, ENSEMBLE APPROACH […]

Invincea Releases Threat Research Tools

Today Invincea announced the release of Invincea Research Edition (RE), a set of tools for Digital Forensics/Incident Response (DF/IR) practitioners that enables discovery and sharing of threat intelligence within the threat research community. Invincea RE consists of four tools, including the Invincea CrowdSource Command Line Interface (CLI) for malware analysis. The CrowdSource CLI was presented at Black Hat 2013 by […]

Automatic Malware Capability Detection at THREADS 2013

This week at THREADS, an annual conference focused on security research and on offensive and defensive network discoveries, Josh Saxe will give a presentation on Invincea Labs’ latest work on automatically detecting malware capabilities. In his talk, titled “CrowdSource: A Crowd-Trained Machine Learning Model for Malware Capability Detection”, Josh Saxe will present the current state of […]

Invincea Labs to Present an Open Source, Crowd Trained Machine Learning Model for Malware Capability Detection at Black Hat

Due to the exploding number of unique malware binaries on the Internet and the slow process of manually analyzing them, security practitioners today have only limited visibility into the functionality implemented by the global population of malware. To date, little work has focused explicitly on quickly and automatically detecting the broad range […]