Posts tagged "incident response"

Collaboration for Better Software Security

At Adobe we have found that building working relationships between developers and vulnerability researchers is to the benefit of everyone–including, and especially, the general public. We will be speaking this week on this topic at the SOURCE Seattle 2012 conference. In our talk we’ll share case studies of successful developer-researcher collaboration by examining examples of security incidents including bug reports, zero-day attacks, and incident response.

If you’re going to be at SOURCE Seattle please drop by our talk: “Why Developers and Vulnerability Researchers Should Collaborate” at 12:10pm on Thursday, September 13. We’re eager to share what we have learned from our developer-researcher collaboration. And, of course, we especially look forward to catching up in hallway conversations!


Karthik Raman, Security Researcher, ASSET
David Rees, Lead Developer, Acrobat 3D

Straight from the Source: SOURCE Boston

Karthik here from Adobe PSIRT. My colleague from the Adobe Acrobat team, Manish Pali, and I will be speaking next week at the SOURCE Boston conference. In our talk, we’ll cover some of the processes behind incident response at Adobe, including our security community outreach via the Microsoft Active Protections Program (MAPP), and automation strategies and solutions from the trenches for new and known vulnerability reports.

Demo alert! Manish is going to demo one of his tools for incident-triage automation—we’re hoping this and other aspects of the talk will benefit our friends on other incident response teams.

Please swing by our talk, if you’ll be at SOURCE Boston. We look forward to catching up in hallway conversations.

See you in Boston,


Presenting “Malware Classifier” Tool

Hi folks,

Karthik here from Adobe PSIRT. Part of what we do at PSIRT is respond to security incidents. Sometimes this involves analyzing malware.  To make life easier, I wrote a Python tool for quick malware triage for our team. I’ve since decided to make this tool, called “Adobe Malware Classifier,” available to other first responders (malware analysts, IT admins and security researchers of any stripe) as an open-source tool, since you might find it equally helpful.

Malware Classifier uses machine learning algorithms to classify Win32 binaries – EXEs and DLLs – into three classes: 0 for “clean,” 1 for “malicious,” or “UNKNOWN.” The tool extracts seven key features from a binary, feeds them to one or all of the four classifiers, and presents its classification results.

The tool was developed using models resultant from running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a data set of approximately 100,000 malicious programs and 16,000 clean programs.

Malware Classifier is available at Open @ Adobe.

I will be speaking about the research behind the tool at Infosec Southwest 2012 in Austin, TX, on April 1. If you’re going to be there, I look forward to meeting up and discussing product security and secure engineering at Adobe.