UMSE is a rich malware sample format. It can represent software threats, hardware threats, and combinations of both, and it takes into account important but often forgotten aspects such as the context of potentially malicious elements, their life cycle, and the variety of their nature (not limited to files), among other things. Together these improve sample acquisition, storage and transport, which positively impacts all subsequent reverse engineering tasks and user confidentiality.
- LaTeX: Master Thesis (LaTeX version)
- PDF: Master Thesis (PDF version)
The UMSE structure (available here) is formally specified using the Kaitai Struct language.
For practical purposes, a SweetScape 010 Editor template (available here) was also developed.
A C/C++ library (available here) was developed to make working with UMSE easier. As most security products are developed in C/C++, the UMSE library was written in these languages, but note that it can be used independently of the programming language.
A "libUmse.cbp" Code::Blocks project file is available and ready to use.
- Before starting to work with UMSE, it is highly recommended to read the documentation.
- Clone the repository:
  git clone https://github.com/dalvarezperez/umse.git
- Start generating your own UMSE malware samples using the UMSE tool for single malware analysts. A Windows x64 precompiled binary is also available. Note that this tool is extremely simple and does not handle encryption at all.
- Develop your own UMSE dynamic link library features.
- Antivirus agent UMSE integration demonstration.
- Intelligence server integration demonstration.
- Malware analyst console demonstration.
- CyberSec@GAL: Premios cátedra R en ciberseguridade UVIGO-UDC, 2020
Authors
David Álvarez Pérez <dalvarezperez87[at]gmail[dot]com>
Manuel Fernandez Veiga <manuel.veiga[at]det[dot]uvigo[dot]es>
Contributors
How to contribute