The Canada’s Communications Security Establishment (CSE) intelligence agency has released the source code for one of its malware detection and analysis tools dubbed Assemblyline.
The Assemblyline tool is written in Python and was developed under the CSE’s Cyber Defence program.
“This tool was developed within CSE’s Cyber Defence program to detect and analyse malicious files as they are received. As the Government of Canada’s centre of excellence in cybersecurity, CSE protects and defends the computer networks and electronic information of greatest importance to the Government of Canada.” states the Communications Security Establishment.”Our highly skilled staff works every day to protect Canada and Canadians from the most advanced cyber threats. Assemblyline is one of the tools we use.”
The Canadian intelligence agency described the analysis process as a conveyor belt, the files arrive in the system and are triaged in a sequence composed of the following phases:
The CSE decided of releasing the Assemblyline tool allowing anyone to customize the tools and deploy their own analytics into it.
The tool allows users to focus their efforts on the most harmful files, reducing the number of non-malicious files that experts have to inspect.
“The strength of Assemblyline is the ability of users to scale the system to their needs and the way that Assemblyline automatically rebalances its workload depending on the volume of files.” CSE added.” It reduces the number of non-malicious files that security analysts have to inspect, and permits users to focus their time and attention on the most harmful files, allowing them to spend time researching new cyber defence techniques,” CSE added.
The Assemblyline source code is available on BitBucket, users can modify it according to their needs.
Other intelligence agencies also released open source tools in the past, In November 2016, peers at the GCHQ released the CyberChef tool to analyze encryption, compression and decompression, and data formats.
(Security Affairs – Assemblyline, malware analysis tool)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.