To be presented and released at Black Hat, CrowdStrike's Tortilla delivers to researchers much-needed anonymity on Windows machines

Security startup CrowdStrike plans to release this month an open-source tool that makes it easier for researchers to secretly monitor malware communications with a command-and-control server.

Called Tortilla, the tool will be available for free on CrowdStrike's website July 31, the day it is presented by developer Jason Geffner at the Black Hat USA conference in Las Vegas, Nev. The release will include the source code and an executable.

Tortilla addresses the particular hurdles of using Windows workstations for clandestine malware research. The problem stems from Windows' limited support for Tor, an online anonymity network.

Researchers use Tor to hide their computers' IP addresses while monitoring communications between malware and a C&C server and observing the malicious payloads the server sends down. Anonymity is important because researchers do not want to tip off criminals, or hackers working for nation states, that they are being watched. Doing so could lead to the subjects denying access to the server, feeding false information to the researcher or taking the server down completely.

"They can do anything they want to misdirect us or mislead us," Geffner said. The malware creators, who are often tied to organized crime groups, could also trace the IP address directly to the researcher, if he's using a home computer, or to the company he works for.

"The more that we keep secret, the better," Geffner said.

The problem researchers face on Windows stems from the operating system's lack of native support for Socket Secure (SOCKS), the Internet protocol Tor uses to route network packets through proxies in order to hide the originating computer. 
To get around the problem, researchers use other hardware or run the malware on a different operating system inside a virtual machine. VMs are often used to run malware in order to seal it off from the rest of the computer and its software.

Tortilla enables the researcher to use Tor on any Windows computer running XP or later without jumping through hoops. In addition, researchers can use any browser or plugin and any networking software. Tor normally supports only a special version of Firefox.

CrowdStrike plans to provide Tortilla with no strings attached, Geffner said. "[Researchers] are free to use it as they like."
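The SOCKS dependency described above is the whole gap Tortilla fills: a client can only reach Tor if it speaks the SOCKS5 proxy protocol itself. The following is an added example, not CrowdStrike's or Tortilla's code, of the SOCKS5 handshake (RFC 1928) a Tor-aware client performs; it assumes a local Tor instance listening on 127.0.0.1:9050 (Tor's default SOCKS port) and sends the destination as a domain name so that DNS resolution happens inside Tor rather than leaking from the lab host.

```python
import socket
import struct

# Assumption for this example: a local Tor SOCKS listener on its default port.
TOR_SOCKS_HOST = "127.0.0.1"
TOR_SOCKS_PORT = 9050

# SOCKS5 CONNECT reply codes from RFC 1928, section 6.
REPLY_CODES = {
    0: "succeeded", 1: "general SOCKS server failure",
    2: "connection not allowed by ruleset", 3: "network unreachable",
    4: "host unreachable", 5: "connection refused", 6: "TTL expired",
    7: "command not supported", 8: "address type not supported",
}

def socks5_greeting() -> bytes:
    """Client greeting: version 5, one method offered, method 0 = no auth."""
    return bytes([0x05, 0x01, 0x00])

def socks5_connect_request(host: str, port: int) -> bytes:
    """CONNECT with ATYP=3 (domain name): the proxy resolves the name, not us."""
    name = host.encode("idna")
    if not 0 < len(name) <= 255:
        raise ValueError("host name must be 1..255 bytes")
    return bytes([0x05, 0x01, 0x00, 0x03, len(name)]) + name + struct.pack("!H", port)

def parse_connect_reply(data: bytes) -> tuple[int, str]:
    """Return (REP code, description) from a SOCKS5 CONNECT reply."""
    if len(data) < 4 or data[0] != 0x05:
        raise ValueError("not a SOCKS5 reply")
    atyp = data[3]
    addr_len = {1: 4, 4: 16}.get(atyp, 1 + data[4] if atyp == 3 and len(data) > 4 else -1)
    if addr_len < 0 or len(data) < 4 + addr_len + 2:
        raise ValueError("truncated or malformed SOCKS5 reply")
    return data[1], REPLY_CODES.get(data[1], "unassigned reply code")

def connect_via_tor(host: str, port: int, timeout: float = 30.0) -> socket.socket:
    """Open a TCP stream to host:port through the local Tor SOCKS proxy."""
    s = socket.create_connection((TOR_SOCKS_HOST, TOR_SOCKS_PORT), timeout=timeout)
    s.sendall(socks5_greeting())
    if s.recv(2) != b"\x05\x00":          # server must accept "no auth"
        s.close()
        raise OSError("Tor SOCKS proxy rejected authentication method")
    s.sendall(socks5_connect_request(host, port))
    code, text = parse_connect_reply(s.recv(262))  # max reply: 4 + 1 + 255 + 2
    if code != 0:
        s.close()
        raise OSError(f"Tor CONNECT failed: {text}")
    return s                               # stream is now relayed through Tor
```

Software that does not do this (most native Windows tools, unlike Tor's bundled Firefox) sends its packets straight to the network, which is the exposure Tortilla removes by handling the Tor path below the application.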