We have talked about using MASTIFF several times before as part of your malware analysis process. It is a wonderful automated static analysis framework created by Tyler Hudak (@secshoggoth) from KoreLogic Security. For those not familiar with MASTIFF, here is the description from their Git site:
MASTIFF is a static analysis framework that automates the process of extracting key characteristics from a number of different file formats. To ensure the framework remains flexible and extensible, a community-driven set of plug-ins is used to perform file analysis and data extraction. While originally designed to support malware, intrusion, and forensic analysis, the framework is well-suited to support a broader range of analytic needs. In a nutshell, MASTIFF allows analysts to focus on analysis rather than figuring out how to parse files.
Fortunately, Tyler and KoreLogic provide an online version of MASTIFF that you can try out without the hassle of installing it locally. You can find it at https://mastiff-online.korelogic.com/. And if you want to learn more about MASTIFF from Tyler himself, below is his video from way back at ShmooCon 2013, where he introduced it.
Today’s post pic is from Wikimedia.org. See ya!