Profile

Brendan Dolan-Gavitt
Works at Georgia Institute of Technology
Attends Georgia Institute of Technology
Lived in Florence, Italy
206 followers | 78,329 views

Stream

Brendan Dolan-Gavitt

Shared publicly
(Sys)Call Me Maybe: Exploring Malware Syscalls with PANDA
System calls are of great interest to researchers studying malware, because they are the only way that malware can have any effect on the world – writing files to the hard drive, manipulating the registry, sending network packets, and so on all must be done...

Brendan Dolan-Gavitt

Shared publicly
PANDA VM Update April 2015
The PANDA virtual machine has been updated to the latest version of PANDA, which corresponds to commit ce866e1508719282b970da4d8a2222f29f959dcd. You can download it here: http://laredo-13.mit.edu/~brendan/pandavm-20150413.tar.bz2 Some notable changes: The ...

Brendan Dolan-Gavitt

Shared publicly
Reproducible Malware Analyses for All
Summary: With help from GTISC, I have begun running 100 malware samples per day and posting the PANDA record & replay logs online at http://panda.gtisc.gatech.edu/malrec/. The goal is to lower the barriers to entry for doing dynamic malware research, and...

Brendan Dolan-Gavitt

Shared publicly
PANDA VM Updated
By popular request, I've updated the PANDA VM to a more recent version of PANDA. Get it here: pandavm-20141005.tar.bz2 The version in the VM is based on Git revision 28787825aaf514da22e11650fdfca3ba82b9fc57. Enjoy!

Brendan Dolan-Gavitt

Shared publicly

Peter Teoh: True, there is binary analysis using Hilbert Space filling curves too: http://corte.si/%2Fposts/visualisation/binvis/index.html

Brendan Dolan-Gavitt

Shared publicly
Bucky Fuller sure knew how to build a dome.

Brendan Dolan-Gavitt

Shared publicly
One Weird Trick to Shrink Your PANDA Malware Logs by 84%
When I wrote about some of the lessons learned from PANDA Malrec's first 100 days of operation, one of the things I mentioned was that the storage requirements for the system were extremely high. In the four months since, the storage problem only got wor...

Brendan Dolan-Gavitt

Shared publicly
100 Days of Malware
It's now been a little over 100 days since I started running malware samples in PANDA and making the executions publicly available. In that time, we've analyzed 10,794 pieces of malware, which generated: 10,794 record/replay logs, representing 226,163,195...
3 comments
Can do. There are still several months of writing ahead, so we can hope to revise the citation before it is turned in.

Brendan Dolan-Gavitt

Shared publicly
Replaying Regin in PANDA
Regin, a piece of state-sponsored malware that may have been used to attack telecoms and cryptographers, has recently come to light. There are several good writeups out there, and I encourage you to check them out. Getting access to samples in cases like th...

Brendan Dolan-Gavitt

Shared publicly
Breaking Spotify DRM with PANDA
Disclaimer: Although I think DRM is both stupid and evil, I don't advocate pirating music. Therefore, this post will stop short of providing a turnkey solution for ripping Spotify music, but it will fully describe the theory behind the technique and its im...

Brendan Dolan-Gavitt

Shared publicly
tl;dr: PANDA now supports detached replays (you don't need the underlying VM image to run a replay), and they can be shared at a new site called PANDA Share. Hooray for reproducibility! One of the most inspiring developments ...
Terry Dolan: I got excited. I thought this was about panda bears.

Brendan Dolan-Gavitt

Shared publicly
I have just created a prebuilt Virtualbox VM for testing PANDA. It's a current Debian 7.1 install with the latest (as of 10/4/2013) version of PANDA and prerequisites installed. The username and password for the VM are "panda...
People
In his circles
165 people
Have him in circles
206 people
Byoungyoung Lee, Ryan Whelan, Billy Lau, Aaliya Batool, Martim Carbone, Finn, Jennifer Townsend, Jack Bader, Arun Ravichandran
Work
Employment
  • Georgia Institute of Technology
    Research Assistant, 2008 - present
  • Microsoft Research
    Summer Intern, 2011 - present
  • MIT Lincoln Laboratory
    Summer Intern, 2010 - 2010
  • MIT Lincoln Laboratory
    Summer Intern, 2009 - 2009
  • MITRE
    Infosec Engineer, 2006 - 2008
Places
Previously
Florence, Italy - Atlanta, GA, USA - Boston, MA, USA - Knoxville, TN, USA - St Louis, MO, USA - Seattle, WA, USA - Middletown, CT, USA
Story
Tagline
Hack the planet
Introduction
Congratulations! You've found the correct Brendan.
Education
  • Georgia Institute of Technology
    Computer Science, 2008 - present
  • Wesleyan University
    Math / Computer Science, 2002 - 2006
Basic Information
Gender
Male
Other names
moyix