Invincea Research Edition
The Invincea Research Edition is a collection of Invincea products, including its award-winning FreeSpace™ endpoint software, a malware reversing analytics toolkit, cloud analysis services, and integration with threat intelligence from VirusTotal.
Research Edition provides security analysts, digital forensics investigators, incident responders, and academic researchers the ability to analyze suspected malicious URLs and documents in a secure virtual container to experience firsthand the malware’s capabilities on an end-user’s machine, and automatically reverse engineer samples to derive the capabilities of the malware. Research Edition is offered for free for qualified program participants.
Program Overview and Components
Qualified program participants receive free, annual licenses for Invincea products, tools, cloud services, and summary threat intelligence integration with ThreatGRID, including:
- Invincea FreeSpace endpoint protection client to contain, execute, and detonate malware
- Invincea Management Server cloud service to view, analyze, fuse, and collaborate on the details of malware execution (user access is anonymized and non-attributed)
- Invincea Cynomix, a set of static analysis tools that will automatically describe the capabilities of a malware sample based on a machine learning algorithm trained on 20M+ technical documents on the web (to discover the purpose of obscure function calls and byte strings, for example) and 50M+ live malware variants
- Lookup integration to VirusTotal, a crowd-sourced intel-sharing service, used to get additional attribution information and signature detection coverage details by leading anti-virus vendors.
How to use the tools
Malware execution delivered through common user channels and vulnerable applications (web browser, Java, PDF reader, MS Office documents, Flash, and more) are completely isolated and allowed to run in FreeSpace’s secure virtual container. Details of the malware execution, including process calls, writing to a file, unpacking, calling a compiler, writing to a (virtual) registry, illegal Java calls, inbound and outbound network connections, and more, are fully contained in the FreeSpace client and logged to the Invincea Management Server for deeper analysis.
The following presentation demonstrates how the FreeSpace client, Invincea Management Server, and VirusTotal intelligence were used to analyze a real-world spear-phish attack.
Only the metadata and forensics details of the malware sample is logged to the cloud service for analysis and fusing with VirusTotal, leaving full control of the executable to the program participant. A researcher can further utilize the Invincea Cynomix command line tool to reverse engineer the malware sample to determine its capabilities.
More information on Cynomix can be seen here in this video from Black Hat 2013 where Cynomix was presented by Josh Saxe, Invincea Labs Principal Researcher, in “An Open Source, Crowd Trained Machine Learning Model for Malware Capability Detection“.
Membership in the Research Edition program is available for qualified participants who receive a free annual subscription to the program’s products, cloud services, tools, and partner integrations. Participants must meet the minimum requirements of the program, register via the form below, and be vetted by a member of the Invincea program team.
- Participants must conduct malware research and exploit analysis as their primary job function
- Use of the Research Edition is for non-commercial use only
- Participants must register using their LinkedIn credentials and supply a valid work email address and phone number
- Participants must “follow” the Invincea company page on LinkedIn
- Academic participants must have a faculty sponsor and agree to publish their research using the Invincea Research Edition
- The full program end-user license agreement and terms and conditions is available here
How to Register and What to Expect
Register using the form below using your LinkedIn credentials and supply additional work email and phone number contact information. You will also be required to follow the Invincea page on LinkedIn after you submit the registration form.
Registrations will be reviewed once per day and may take 12-24 hours to process. Additional validation might be required through email or telephone to you from Invincea.
Approved registrants will receive a welcome email, a download link to the software, login account information for the Invincea Management Server, and access to the program’s private support forum. All non-approved or pending registrants will be otherwise notified.
For more information
See other examples of malware capture, containment, and analysis using Invincea FreeSpace and Invincea Management Server.
- Invincea Protects Against “Massively Exploited” Java zero-day
- DrudgeReport/Washington Free Beacon used to push Java exploit
- WTOP News and FedNewsRadio exploiting Java to push Fake A/V
- Cool Exploit Kit using Java CVE-2013-2423
- Styx Exploit Kit exploiting Java – 94% of browsers vulnerable
- NationalJournal.com used to push Java exploit
- Reveton Ransomeware pushing Java 7 exploit