Quicksand Now on GCP: Serverless Malware Analysis with Cloud Functions and Storage

We’re excited to announce a major update for Quicksand, our open-source malware analysis tool. Following up on our original blog post, we’ve now ported Quicksand to Google Cloud Platform (GCP), leveraging the power of Cloud Functions and Cloud Storage for a more scalable and efficient threat analysis experience.

The Move to Serverless

By moving Quicksand to a serverless architecture on GCP, we’re able to offer a number of key advantages:

  • Scalability: Cloud Functions automatically scale in response to the number of files you need to analyze. Whether you have one document or thousands, Quicksand on GCP can handle the load.
  • Cost-Effectiveness: With a serverless model, you only pay for the compute time you use. This makes Quicksand an even more affordable option for individuals and organizations of all sizes.
  • Simplified Workflow: The new GCP integration streamlines the process of analyzing malicious documents. Simply upload your files to a Google Cloud Storage bucket, and a Cloud Function will automatically trigger a Quicksand scan.

How It Works

The new GCP implementation of Quicksand is designed to be simple and easy to use. Here’s a high-level overview of the workflow:

  1. Upload to Cloud Storage: Drop your suspected malicious documents into a designated Google Cloud Storage bucket.
  2. Trigger the Cloud Function: A Cloud Function is automatically triggered when a new file is uploaded to the bucket.
  3. Quicksand Analysis: The Cloud Function executes a Quicksand scan on the uploaded file.
  4. View the Results: The analysis results are then stored in another Cloud Storage bucket, where you can easily access and review them.

All of the code for the new GCP integration is open-source and available on our GitHub repository. We encourage you to check it out, try it for yourself, and contribute to the project.
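The four steps above can be sketched as a single event handler. This is an added example, not the code from the project's repository, and it goes slightly beyond the listed steps by showing three safeguards a defender would want in such a pipeline: ignoring events from the results bucket, catching scanner failures, and naming reports by content hash. The names `handle_upload`, `MemoryBuckets`, `MAX_BYTES` and the bucket names are hypothetical, the storage layer is an in-memory stand-in for Cloud Storage, and `scan` is a placeholder callable for the Quicksand call.

```python
import hashlib
import json

MAX_BYTES = 20 * 1024 * 1024  # assumed size cap, not a Quicksand setting


class MemoryBuckets:
    """In-memory stand-in for Cloud Storage so the example runs offline."""
    def __init__(self):
        self.objects = {}  # (bucket, name) -> bytes

    def read(self, bucket, name):
        return self.objects[(bucket, name)]

    def write(self, bucket, name, data):
        self.objects[(bucket, name)] = data


def handle_upload(event, store, scan, upload_bucket, results_bucket):
    """Steps 2-4. scan: callable(bytes) -> dict standing in for Quicksand."""
    # Ignore events from any other bucket, so writing a report to the
    # results bucket can never trigger another scan.
    if event.get("bucket") != upload_bucket:
        return None  # event ignored, no report written
    data = store.read(upload_bucket, event["name"])
    digest = hashlib.sha256(data).hexdigest()
    report = {"sha256": digest, "source_object": event["name"], "size": len(data)}
    if len(data) > MAX_BYTES:
        report["status"] = "skipped_too_large"
    else:
        try:
            report["results"] = scan(data)
            report["status"] = "scanned"
        except Exception as exc:  # hostile input can break a parser
            report["status"] = "scan_error"
            report["error"] = type(exc).__name__
    # Name the report after the content hash, never the uploader-chosen name.
    out_name = digest + ".json"
    store.write(results_bucket, out_name, json.dumps(report, sort_keys=True).encode())
    return out_name


def demo():
    store = MemoryBuckets()
    store.write("uploads", "../invoice.doc", b"constructed sample bytes")
    scan = lambda data: {"rating": "none"}  # constructed placeholder result
    name = handle_upload({"bucket": "uploads", "name": "../invoice.doc"}, store, scan, "uploads", "results")
    return name, json.loads(store.read("results", name))
```

The uploaded bytes are only ever read and hashed by the handler; the original object name is kept as a field inside the report rather than used to build a path.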

Get Started Today

We’re thrilled to bring the power of Quicksand to the Google Cloud Platform. This new integration makes it easier than ever to analyze malicious documents and gain valuable threat intelligence.

To get started, head over to our GitHub repository and follow the instructions in the README. We’re always looking for feedback, so please don’t hesitate to open an issue or a pull request.

Happy hunting!