55 changes: 44 additions & 11 deletions README.md
Expand Up @@ -36,13 +36,13 @@

![quark agent demo](https://hackmd.io/_uploads/By6ggTni0.png)

With Quark Agent, you can perform analyses using only natural language. It creates Quark Script code following your ideas and adjusts the code promptly as you provide feedback.
Quark Agent enables vulnerability and malware analysis using only natural language. With Quark Agent, you can create Quark Script code, detect CWEs, generate Quark reports, and adjust the outputs based on your feedback. Explore the showcases below.

# Showcase:
# Showcase: Detect CWE-798 in ovaa.apk

Here’s a demonstration of using Quark Agent to detect the CWE-798 vulnerability in the ovaa.apk file.
Here’s a demonstration of using Quark Agent to detect [the CWE-798 vulnerability](https://cwe.mitre.org/data/definitions/798.html) in ovaa.apk.

### Step 1: Environments Requirements
### Step 1: Environment Requirement

* Make sure your Python version is 3.9 or above.
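Review bot: The new link text in the sentence starting "Here’s a demonstration" says "the CWE-798 vulnerability" without naming the weakness. CWE-798 is a weakness class (Use of Hard-coded Credentials), so wording such as "detect CWE-798 (Use of Hard-coded Credentials) in ovaa.apk" tells readers what the showcase looks for without following the link. Also, the showcase heading is level 1 while the step headings under it are level 3; with a second showcase added further down, a consistent level-2 heading for one of the two would keep the outline clean.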

Expand All @@ -55,29 +55,31 @@ git clone https://github.com/quark-engine/quark-engine.git && cd quark-engine
pip install .[QuarkAgent]
```

### Step 3: Prepare the Detection Rule and the Sample File
### Step 3: Prepare the Sample File and the Detection Rule

+ Put [the sample file](https://github.com/oversecured/ovaa) and [the rule](https://github.com/quark-engine/quark-script/blob/main/constructCryptoGraphicKey.json) in the `quark/agent` directory.

```bash
.
├── ...
├── quark
├── ...
├── agent # Put rule file and sample file here
├── agent # Put the sample file and rule file here.
├── ...
```

You can download the **rule file** [here](https://github.com/quark-engine/quark-script/blob/main/constructCryptoGraphicKey.json) and the **sample file** [here](https://github.com/oversecured/ovaa).

### Step 4: Add your OpenAI API key

Add your OpenAI API key in `quarkAgentWeb.py`
+ Add your OpenAI API key in `quarkAgentWeb.py`

```python
os.environ["OPENAI_API_KEY"] = 'your-api-key-here'
```

### Step 5: Run Quark Agent

+ Start Quark Agent by running:

```bash
$ cd quark/agent
$ python3 quarkAgentWeb.py
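Review bot: Step 4 still tells users to paste their OpenAI API key into `quarkAgentWeb.py` via `os.environ["OPENAI_API_KEY"] = 'your-api-key-here'`, which puts a secret into a source file of the cloned repository, in a showcase about detecting CWE-798. Suggest documenting `export OPENAI_API_KEY=...` in the shell before Step 5 instead, so the file needs no edit and the key cannot be committed by accident. Separately, "the sample file" in Step 3 links to the oversecured/ovaa repository rather than to an APK, so the step should say how to obtain ovaa.apk from it.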
Expand All @@ -86,9 +88,40 @@ $ python3 quarkAgentWeb.py
# The default URL is http://127.0.0.1:5000
```

Open a browser and navigate to `127.0.0.1:5000` to start using Quark Agent
Open a browser and navigate to `127.0.0.1:5000` to start using Quark Agent.

See more CWE detections using [Quark scripts](https://quark-engine.readthedocs.io/en/latest/quark_script.html) and play them with Quark Agent!

# Showcase: Generate & Enhance a Quark Report of Ahmyth.apk

Here’s a demonstration of using Quark Agent to generate and enhance a Quark report. The demonstration first generates a Quark [summary report](https://quark-engine.readthedocs.io/en/latest/quark_reports.html#id1) of Ahmyth.apk. Then, it enhances the report's scoring system to emphasize high-risk behaviors.

In this demonstration, we use the command-line interface of Quark Agent.

### Step 1: Install Quark Agent

* Follow the steps in the first showcase to install Quark Agent.

### Step 2: Prepare the Sample File and the Detection Rule

+ Put [the sample file](https://github.com/quark-engine/apk-samples/raw/master/malware-samples/Ahmyth.apk) in the current directory.
+ Put [the rules](https://github.com/quark-engine/quark-rules/tree/master/rules) in a directory named "rules."

For easy demonstration, we use only 10 rules (00001.json - 00010.json) in this showcase.

### Step 3: Run Quark Agent

+ Start Quark Agent by running:

```bash
quark-agent
```

+ Chat with Quark Agent to generate and enhance a summary report.

https://github.com/user-attachments/assets/138732b4-30e5-4282-a6fb-fe34e2dfdf3f

See more CWE detections using [quark scripts](https://quark-engine.readthedocs.io/en/latest/quark_script.html) and play them with Quark Agent !
For more details on the prompts used in the video, please check the document [here](https://quark-engine.readthedocs.io/en/latest/quark_agent.html#showcase-enhance-summary-report-with-quark-agent).

# Acknowledgments
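Review bot: Step 1 of the second showcase defers to the first showcase for installation, but there the API key is set inside `quarkAgentWeb.py`, while Step 3 here starts the `quark-agent` command instead, so the README never says how the CLI gets its key; add a line stating that. In Step 2, `directory named "rules."` leaves it unclear whether the period is part of the name; use backticks, as the first showcase does for `quark/agent`. The sample link is a direct download from a `malware-samples` path, which the text should state where it introduces Ahmyth.apk.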
