Tuesday, April 30, 2024

Analyzing Malware in Binaries and Executables with AI

In a recent post titled "From Assistant to Analyst: The Power of Gemini 1.5 Pro for Malware Analysis", published on the Google Cloud Security blog, we explore the capabilities of Gemini 1.5 Pro for malware analysis, in particular its context window of up to 1 million tokens. That window lets the model take in large amounts of disassembled or decompiled code in a single pass, so it sees the malware's complete logic when producing a verdict and a summary report, rather than a sequence of fragments. The blog post walks through practical applications of this approach on well-known malware such as WannaCry and on entirely new, previously undetected samples. The latter matter because they show that Gemini 1.5 Pro's reports are not recalled from pre-training data about those specific samples but come from analyzing the code itself. For more details on how Gemini 1.5 Pro is applied to malware analysis, we encourage you to read the complete post here.

At VirusTotal, Gemini 1.5 Pro is already used in Code Insight to process macros in Office documents whose size exceeds the token limits of the models used so far. For instance, "PLEX.xlam" is the most recent file that, at the time of writing, required Gemini 1.5 Pro because of its length. The file was flagged by several antivirus engines and by two sandboxes. Code Insight extracted 34 macros from it, amounting to 138,332 tokens, and produced a report describing what the macros do. A report of this kind clarifies the intent behind the macros and helps an analyst decide whether the detections point to a real threat or to a false positive.
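The engineering problem behind the paragraph above is deciding whether an extracted macro set fits a single prompt and, when it does not, how to split it without cutting a module in half. The following Python is an added example written for this post, not Code Insight's or VirusTotal's code. It assumes the VBA source has already been extracted (for instance with olevba), uses a character-based token estimate in place of a real tokenizer, and treats the 32,000-token standard window and the sample macros as constructed illustrations; only the 1 million-token figure comes from the post.

```python
"""Budget-aware routing and packing of extracted Office macros for LLM analysis.

Added example, not Code Insight code. Assumes macros are already extracted
and uses a rough 4-characters-per-token estimate (an assumption, not a tokenizer).
"""
from dataclasses import dataclass
from typing import Dict, List

# Context windows used for routing. The long-context figure is the 1 million
# tokens quoted in the post; the standard window is an assumed round number.
STANDARD_CONTEXT_TOKENS = 32_000
LONG_CONTEXT_TOKENS = 1_000_000

HEADER = ("You are a malware analyst. Review the VBA modules below and return a "
          "verdict (malicious, suspicious or benign) plus a summary of what the "
          "code does and which modules call each other.\n\n")


@dataclass(frozen=True)
class Macro:
    name: str    # VBA module name, e.g. "ThisWorkbook" or "Module1"
    source: str  # decompressed VBA source text


@dataclass(frozen=True)
class Chunk:
    macro_names: List[str]  # modules included in this prompt, in order
    tokens: int             # estimated prompt size
    prompt: str


def estimate_tokens(text: str) -> int:
    """Rough estimate: about 4 characters per token (assumption, rounded up)."""
    return max(1, -(-len(text) // 4))


def module_block(macro: Macro) -> str:
    """Delimit each module so the model can attribute behaviour to a module name."""
    return f"' ==== Module: {macro.name} ====\n{macro.source}"


def build_prompt(macros: List[Macro]) -> str:
    return HEADER + "\n\n".join(module_block(m) for m in macros)


def choose_model(total_tokens: int) -> str:
    """Prefer a single pass over the whole project; chunk only as a last resort."""
    if total_tokens <= STANDARD_CONTEXT_TOKENS:
        return "standard"
    if total_tokens <= LONG_CONTEXT_TOKENS:
        return "long-context"
    return "chunked"


def pack_macros(macros: List[Macro], window: int, reserve: int = 1_000) -> List[Chunk]:
    """Greedy first-fit packing that never splits a module across chunks.

    `reserve` keeps room for the model's answer. A single module larger than
    the budget is an error: cutting it mid-procedure would hide control flow.
    """
    budget = window - reserve - estimate_tokens(HEADER)
    chunks: List[Chunk] = []
    current: List[Macro] = []
    current_tokens = 0

    def flush() -> None:
        prompt = build_prompt(current)
        chunks.append(Chunk([m.name for m in current], estimate_tokens(prompt), prompt))

    for macro in macros:
        cost = estimate_tokens(module_block(macro)) + 1  # +1 covers the separator
        if cost > budget:
            raise ValueError(f"module {macro.name!r} needs {cost} tokens, budget is {budget}")
        if current and current_tokens + cost > budget:
            flush()
            current, current_tokens = [], 0
        current.append(macro)
        current_tokens += cost
    if current:
        flush()
    return chunks


def plan_analysis(macros: List[Macro]) -> Dict[str, object]:
    """Pick a model for the whole project and produce the prompts to send."""
    total = estimate_tokens(build_prompt(macros))
    model = choose_model(total)
    window = STANDARD_CONTEXT_TOKENS if model == "standard" else LONG_CONTEXT_TOKENS
    return {"total_tokens": total, "model": model, "chunks": pack_macros(macros, window)}


# Constructed sample: a three-module VBA project whose modules call each other.
SAMPLE_MACROS = [
    Macro("ThisWorkbook", "Private Sub Workbook_Open()\n    Call Module1.Run\nEnd Sub"),
    Macro("Module1", "Sub Run()\n    Dim sh As Object\n"
                     "    Set sh = CreateObject(\"WScript.Shell\")\n"
                     "    sh.Run Module2.Payload, 0\nEnd Sub"),
    Macro("Module2", "Function Payload() As String\n"
                     "    Payload = \"powershell -enc \" & Sheet1.Range(\"A1\").Value\n"
                     "End Function"),
]

if __name__ == "__main__":
    plan = plan_analysis(SAMPLE_MACROS)
    print(plan["model"], plan["total_tokens"], [c.macro_names for c in plan["chunks"]])
```

The routing order matters: the point of a long-context model is to keep the Workbook_Open entry point, the WScript.Shell call and the payload string in one prompt, so chunking is used only when even that window is exceeded, and the packer refuses to split a module rather than silently truncating it.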

We will continue to roll out Gemini 1.5 Pro's analysis capabilities across further file formats, and we are scaling up our disassembly and decompilation pipeline so that binaries can be processed in the same way as the examples described earlier in this post. Our goal is to widen the scope of automated malware analysis and handle increasingly complex threats efficiently.

We invite the community to collaborate in this initiative. If you have unpacking utilities, specialized models, or innovative ideas related to malware analysis, your contributions would be invaluable. Together, we can expand the boundaries of what is achievable in cybersecurity and strengthen our collective defenses against emerging threats.

Thursday, April 25, 2024

Mastering VirusTotal: Certification Course

We are pleased to announce our partnership with The SOC Academy, a new startup dedicated to cybersecurity education, which is debuting with a VirusTotal Certification course. Founded by Laura Marta Mantoani, an entrepreneur and cybersecurity enthusiast, The SOC Academy aims to develop the skills and expertise of professionals in the field. Below, we talk with Laura about the motivation behind this initiative, what it offers, and her vision for the future of The SOC Academy.

Laura Marta Mantoani
Founder of The SOC Academy

Q1: Laura, could you tell us about your background in cybersecurity and what inspired you to launch The SOC Academy, particularly focusing on the VirusTotal Certification course?
Laura: Sure, I’d love to share more. Firstly, I studied Marketing, Business Communication and Global Markets at the University of Milan, where my passion for entrepreneurship was born. Then, I earned a second degree in engineering at the University of Malaga, where I focused on Software Engineering and Artificial Intelligence, as well as Reverse Engineering and Malware Intelligence. This background experience shaped my entrepreneurial spirit and particularly my enthusiasm for cybersecurity. Some of my Reverse Engineering and Malware Intelligence teachers, who were from the VirusTotal team, really opened my eyes to what you can do with VirusTotal. This experience got me thinking about how I could help others understand and use VirusTotal better, discovering all its tools and maximizing their potential. That’s why I started The SOC Academy and the VirusTotal Certification course to teach and inspire others in cybersecurity.

Q2: Can you explain the difference between the Free course and the VirusTotal Certification course?
Laura: Absolutely! The Free Introduction Course is designed to provide a taste of The SOC Academy's learning experience and offer a foundational understanding of VirusTotal. It is perfect for individuals curious about VirusTotal and cybersecurity who want to explore the platform before committing to a more in-depth program. The VirusTotal Certification course, on the other hand, is a comprehensive deep dive into all aspects of VirusTotal, from basic search functions to advanced hunting techniques. It is ideal for those who want to become true VirusTotal masters and gain a recognized certification.

Q3: The VirusTotal Certification seems to be a flagship course. What are some of the key benefits for those who complete it?
Laura: The VirusTotal Certification is designed not just as a course, but as a comprehensive learning experience. Those who complete the certification receive a badge on their VirusTotal.com profile, signaling their expertise to peers and potential employers, as well as an official VirusTotal certificate that demonstrates the user's advanced level of proficiency with VirusTotal. Additionally, certified users gain unlimited access to the course with ongoing updates and early access to new features on the platform. This ensures our graduates are always at the cutting edge of cybersecurity practices.

Q4: How does The SOC Academy ensure the courses remain relevant in the rapidly changing field of cybersecurity?
Laura: We continuously update our course content to reflect the latest in cybersecurity threats and defenses. Our close partnership with VirusTotal allows us to integrate the newest features and updates directly into our curriculum, providing our students with relevant and immediate knowledge they can apply in real-world situations.

Q5: Finally, what’s next for The SOC Academy? Any future plans or developments?
Laura: We're always looking to expand our offerings. Future plans include more advanced courses and possibly live events to foster a greater sense of community and collaboration among our students. We also plan to incorporate more interactive and hands-on training methods to enhance learning outcomes.

At VirusTotal, we are proud to support Laura's initiative. Her passion for cybersecurity, entrepreneurial spirit, and dedication to knowledge sharing are truly inspiring. We encourage you to visit The SOC Academy, enroll in the free introductory course, and provide feedback to Laura as she continues to grow and improve this valuable platform. Together, we can foster a stronger and more knowledgeable cybersecurity community.