- CXO Track
- For You
- Horror Stories from Hacker World
- Resume Clinic
- Goa 2020
ATT&CK framework has become a benchmark in the security domain. ATT&CK provides data about each technique used across different attack stages. Hachi was created to contribute to the ATT&CK community. Hachi is based on the radare2 framework and uses data provided by ATT&CK to map the symptoms of malware on ATT&CK matrix.
Following modules of Hachi make this tool a great addition to an analyst's or company's armaments:
- Threat Intel: Hachi provides threat intelligence data like a possible parent campaign or author of a malware file.
- Malware behavior: It uncovers core malware behaviors using automated static analysis coupled with symbolic execution to explore multiple execution paths and maps it on ATT&CK matrix.
- Binary Emulation: In addition to symbolic execution, it also emulates the file and finds out possible behavior and side effects of the malware.
- RESTful API: Hachi provides RESTful API which enables this tool to seamlessly integrate with malware processing frameworks.
- Visualization: It allows for the creation of detailed visual reports.
- Integration with Threat Intel feeds: It can be integrated with different threat intelligence feeds for enhanced security or expanded insights.
- Multiplatform: Hachi analyses PE(Portable executable) as well as ELF files. *Side Effects Extraction: This tool also extracts side effects which the file may cause if executed on the system.
- The primary aim of this tool is to act as a force multiplier for the InfoSec community and aid the analysis of malware.
Senior Malware Researcher
Parmanand Mishra is a security enthusiast who is currently working as Senior Malware Researcher at Qualys Inc. He works on malware analysis and adversary simulation based on ATT&CK and loves creating tools on the same. He has spoken at security conferences like c0c0n, DEFCON and goes by Kart1keya on GitHub.