IoC detection tools for different platforms
It is now clear that traditional anti-virus products and security tools are not very effective at detecting
previously unseen malware. As a consequence, targeted attacks often succeed and remain undetected for
extended periods of time. One approach to detecting compromised systems faster is to use threat
intelligence, which specialized providers make available in the form of Indicators of Compromise (IoCs).
IoCs are observable properties of a system, either state-based (a file with a known hash, a registry key, an
entry in the hosts file) or behavioural (a connection to a known address), whose presence on a given system
suggests that it is infected. The goal of the project is to develop tools that take a set of IoCs in a
standard format, such as STIX (where each IoC is an indicator object carrying a pattern), and output scripts
that can be run against a target system to check for the presence of those IoCs. The tools should support
multiple types of IoCs and multiple target OSs (Linux, Windows); since not every IoC type is meaningful on
every OS, the generated script should state which indicators it could not check rather than silently
dropping them, and the checks themselves should be read-only so that running the script does not alter
evidence on a possibly compromised host. The tools can build on existing tools or open source projects
(e.g., yara, OVAL).
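As an added illustration of the pipeline the project describes (not a project deliverable and not code from any of the tools named above), the following Python script reads a STIX 2.1 bundle, translates the simplest comparison patterns into host checks, and emits one read-only check script per target OS: POSIX sh for Linux and PowerShell for Windows. The bundle, its indicator ids, hashes, domain, address and registry key are all constructed placeholders; the supported object types, the 50 MB file-size bound and the choice of `/etc/hosts`, `ss` and `Get-NetTCPConnection` as data sources are design assumptions of this example, not requirements of the project.

```python
"""Generate per-OS IoC check scripts (POSIX sh, PowerShell) from a STIX 2.1 bundle.

Added illustration for this project page, not a project deliverable. Only the
simplest STIX comparison expression is handled:  [<object>:<property> = '<value>']
Compound patterns (AND / OR / FOLLOWEDBY) are reported as unsupported rather than
silently dropped, so coverage gaps in the generated script stay visible.
"""
import json
import re
import shlex

def _iid(n):  # placeholder indicator ids in STIX id syntax
    return f"indicator--00000000-0000-4000-8000-{n:012d}"

# Constructed sample bundle: hash, domain, address and registry key are placeholders.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "id": _iid(1), "name": "dropper", "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = '0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef']"},
        {"type": "indicator", "id": _iid(2), "name": "c2 domain", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'update.example.invalid']"},
        {"type": "indicator", "id": _iid(3), "name": "c2 address", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '192.0.2.44']"},
        {"type": "indicator", "id": _iid(4), "name": "persistence", "pattern_type": "stix",
         "pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\ExampleRAT']"},
        {"type": "indicator", "id": _iid(5), "name": "compound", "pattern_type": "stix",
         "pattern": "[file:name = 'a.exe' AND file:size > 1000]"},
    ]})

# One comparison: "[" object ":" property "=" 'value' "]"; the value may contain \' and \\ escapes.
SIMPLE_PATTERN = re.compile(r"^\[\s*([\w-]+):([\w.'-]+)\s*=\s*'((?:[^'\\]|\\.)*)'\s*\]$")

def parse_indicators(bundle_json):
    """Return (iocs, unsupported_ids) for the STIX indicators in a bundle JSON string."""
    iocs, unsupported = [], []
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        m = SIMPLE_PATTERN.match(obj["pattern"].strip())
        if not m:
            unsupported.append(obj["id"])
            continue
        otype, prop, raw = m.groups()
        value = re.sub(r"\\(.)", r"\1", raw)  # undo STIX string escapes
        iocs.append({"id": obj["id"], "name": obj.get("name", ""), "type": otype, "prop": prop, "value": value})
    return iocs, unsupported

def render_sh(iocs, root="/"):
    """POSIX sh script for Linux; prints HIT lines and exits 1 when any IoC is present."""
    out = ["#!/bin/sh", "# Generated IoC check (Linux). Read-only; exit 1 if anything matched.",
           "hits=0", 'hit() { echo "HIT [$1] $2"; hits=1; }', f"root={shlex.quote(root)}"]
    for i in iocs:
        tag, v, key = shlex.quote(i["id"]), shlex.quote(i["value"]), (i["type"], i["prop"])
        if key == ("file", "hashes.'SHA-256'"):  # bounded walk: one filesystem, files under 50 MB
            out.append(f'find "$root" -xdev -type f -size -50M -print0 2>/dev/null | xargs -0 sha256sum 2>/dev/null '
                       f'| grep -iF {v} && hit {tag} "file hash present"')
        elif key == ("domain-name", "value"):
            out.append(f'grep -iF {v} /etc/hosts 2>/dev/null && hit {tag} "domain pinned in /etc/hosts"')
        elif key == ("ipv4-addr", "value"):
            out.append(f'ss -Htn 2>/dev/null | grep -F {v} && hit {tag} "active connection to address"')
        else:  # e.g. windows-registry-key: nothing to check here, but say so in the script
            out.append(f"# {i['id']}: {i['type']}:{i['prop']} not checkable on Linux")
    out.append("exit $hits")
    return "\n".join(out) + "\n"

def render_ps1(iocs, root="C:\\"):
    """PowerShell script for Windows; prints HIT lines and exits 1 when any IoC is present."""
    out = ["# Generated IoC check (Windows). Read-only; exit 1 if anything matched.",
           "$hits = 0", 'function Hit($id, $what) { Write-Output "HIT [$id] $what"; $script:hits = 1 }',
           f"$root = '{root}'"]
    for i in iocs:
        tag, v, key = i["id"], i["value"].replace("'", "''"), (i["type"], i["prop"])
        if key == ("file", "hashes.'SHA-256'"):  # -eq is case-insensitive, so hash case does not matter
            out.append(f"if (Get-ChildItem -Path $root -Recurse -File -ErrorAction SilentlyContinue "
                       f"| Get-FileHash -Algorithm SHA256 -ErrorAction SilentlyContinue "
                       f"| Where-Object Hash -eq '{v}') {{ Hit '{tag}' 'file hash present' }}")
        elif key == ("domain-name", "value"):
            out.append(f"if (Select-String -Path \"$env:SystemRoot\\System32\\drivers\\etc\\hosts\" "
                       f"-SimpleMatch -Quiet -Pattern '{v}') {{ Hit '{tag}' 'domain pinned in hosts file' }}")
        elif key == ("ipv4-addr", "value"):
            out.append(f"if (Get-NetTCPConnection -RemoteAddress '{v}' -ErrorAction SilentlyContinue) "
                       f"{{ Hit '{tag}' 'active connection to address' }}")
        elif key == ("windows-registry-key", "key"):
            out.append(f"if (Test-Path -Path 'Registry::{v}') {{ Hit '{tag}' 'registry key present' }}")
        else:
            out.append(f"# {tag}: {i['type']}:{i['prop']} not supported by this generator")
    out.append("exit $hits")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    iocs, unsupported = parse_indicators(SAMPLE_BUNDLE)
    print(render_sh(iocs))
    print(render_ps1(iocs))
    for uid in unsupported:
        print(f"# WARNING: {uid} uses a pattern this generator cannot translate")
```

Running the script prints both generated check scripts followed by a warning for the compound indicator. The generated scripts only read files, the hosts file and the connection table, and every indicator that cannot be checked on an OS still appears as a comment, so an analyst can see at a glance what was and was not covered. A fuller implementation would use a real STIX pattern parser (for example the one in the stix2 library) instead of the single-comparison regex, and could hand file-content IoCs to yara rather than hashing.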
This project can be chosen by multiple students working as a team, with each student focusing on one part
of the problem (for example, parsing the IoC format, the Linux back end, or the Windows back end).