• Goa 2020
  • AMMO
  • FriSpy

FriSpy

Tejas-Girme & Parmanand-Mishra

Tool Name:

FriSpy

Speaker:

Tejas Girme & Parmanand Mishra

Download Link:

https://github.com/73J45/FriSpy



Abstract:

FriSpy is developed by keeping lack of a easily configurable and intelligent open source API monitoring tool in mind. FriSpy makes use of dynamic instrumentation toolkit “FRIDA” to monitor a process.

Following are the features of FriSpy which makes it a good addition to a malware researcher’s arsenal:

  1. Plug and play: FriSpy is easy to deploy and use.
  2. User Controlled Execution: User can modify the arguments and return value of APIs to control the flow of the process.
  3. Configuration based monitoring: Provides the ability to specify which API to monitor.
  4. Profile based monitoring: In addition to above feature, FriSpy also provides readily available configurations for different type of malware. E.g. Ransomware, Process code injector etc.
  5. Argument Dump: It provides the feature to dump arguments of an API.
  6. User Interface: Streams the behavior of executable driven by the API execution as well as lists extracted behavior indicators.

Bio:

Tejas Girme is a Senior Malware Researcher at Qualys Inc. With more than 6 years of experience, he has expertise in tracking and analyzing active malware threats. He has done research on several threats including Ransomwares, CryptoMiners and Magecart. Recently, he is working with Linux malwares and the threats targeting docker containers. He has presented research papers at AVAR2018 conference.

Parmanand Mishra is a security enthusiast who is currently working as Senior Malware Researcher at Qualys Inc. He works on malware analysis and adversary simulation based on ATT&CK and loves creating tools on the same. He has spoken at security conferences like c0c0n, DEFCON and goes by Kart1keya on GitHub.

Copyright © 2019-20 | Nullcon India | International Security Conference | All Rights Reserved