HITB LAB: IRMA – AN OPEN SOURCE INCIDENT RESPONSE & MALWARE ANALYSIS PLATFORM presented at HackInTheBox Malaysia 2014

by Alexandre Quint, Fernand Lone-Sang

Summary: IRMA (http://irma.quarkslab.com) is an open-source, asynchronous platform that helps analysts examine suspicious files.
Anti-virus (AV) on its own is a failure: anyone who bases their security on that single product is bound to be compromised. Even so, AV is still widely considered necessary to catch generic, commodity attack vectors. Scanning a file with several AV engines is not a new idea, but cost and performance constraints mean a single host cannot run dozens of them. Several solutions have therefore appeared lately that provide a central place where suspicious files can be scanned by the major AV engines.