SANS Digital Forensics and Incident Response Blog: Category - Malware Analysis

15 Apr 2018

Inhibiting Malicious Macros by Blocking Risky API Calls

0 comments Posted by Adam Kramer
Filed under Advanced Persistent Threat, Cyber Kill Chain, Malicious Scripts, Malware Analysis

Microsoft Office Macros have been the bane of security analysts' lives since the late 1990s. Their flexibility and functionality make them ideal for malware authors to use as a primary stage payload delivery mechanism, and to datethe challenge they pose remains unsolved. Many organisations refrain from blocking them completely due to the impact it … Continue reading Inhibiting Malicious Macros by Blocking Risky API Calls

13 Apr 2018

Top 11 Reasons Why You Should NOT Miss the SANS DFIR Summit and Training this Year

0 comments Posted by sansdfir
Filed under Advanced Persistent Threat, Computer Forensics, Computer Forensics and IR Summit, Cyber Threat Intelligence, DFIR Scholarship, DFIR Summit, Drive Encryption, Forensic4Cast Awards, Incident Response, iOS, Lethal Forensicator Coins, Malware Analysis, Memory Analysis, Mobile Device Forensics, Network Forensics, Network Forensics, Registry Analysis, REMnux, Reverse Engineering, SIFT Workstation, smartphone, Specials, Threat Hunting, Threat Hunting & Incident Response Summit, Timeline Analysis, Training, USB Device Analysis, Windows Memory Forensics

The SANSDFIR Summit and Training 2018is turning 11!The 2018 event marks 11 years since SANS started what is todaythedigital forensics and incident response event of the year, attended by forensicators time after time. Join us and enjoy the latest in-depth presentations from influential DFIR experts and the opportunity to take an array of hands-on SANS … Continue reading Top 11 Reasons Why You Should NOT Miss the SANS DFIR Summit and Training this Year


Tags: Coin Slayer, Computer Forensic Training, DFIR course coins, DFIR Management, dfir netwars, DFIRSummit 2018, Incident Response, mac forensics, Memory Forensics, mobile forensics, Network Forensics, Reverse engineering Malware, Threat Hunting, Windows Forensics Analysis
16 Dec 2017

Automated Hunting of Software Update Supply Chain Attacks

0 comments Posted by Adam Kramer
Filed under Advanced Persistent Threat, Malware Analysis, Network Forensics, Threat Hunting

Software that automatically updates itself presents an attack surface, which can be leveraged en masse through the compromise of the vendor's infrastructure. This has been seen multiple times during 2017, with high profile examples includingNotPetya and CCleaner. Most large organisations have built robust perimeter defences for incoming and outgoing traffic, but this threat vector … Continue reading Automated Hunting of Software Update Supply Chain Attacks

27 Nov 2017

Acquiring a Memory Dump from Fleeting Malware

2 comments Posted by Adam Kramer
Filed under Computer Forensics, Evidence Acquisition, Incident Response, Malware Analysis, Memory Analysis, Threat Hunting

Introduction The acquisition of process memory during behavioural analysis of malware can provide quick and detailed insight. Examples of where it can be really useful include packed malware, which may be in a more accessible state while running, and malware, which receives live configuration updates from the internet and stores them in memory. Unfortunately the … Continue reading Acquiring a Memory Dump from Fleeting Malware

24 Oct 2017

Uncovering Targeted Web-Based Malware Through Shapeshifting

0 comments Posted by Adam Kramer
Filed under Advanced Persistent Threat, Computer Forensics, Evidence Acquisition, Malware Analysis, Network Forensics

Targeted Web-Based Malware? Malware authors are frequently observed leveraging server side scripting on their infrastructure to evade detection and better target their attacks. This includes both exploit kits and servers hosting secondary stage payloads, all of which can easily be set up to alter their responses based on the footprint of the visitor. This could … Continue reading Uncovering Targeted Web-Based Malware Through Shapeshifting

Categories
Recent Posts
Archives
Links
Latest Blog Posts

Inhibiting Malicious Macros by Blocking Risky API Calls
April 15, 2018 - 4:21 PM

Top 11 Reasons Why You Should NOT Miss the SANS DFIR Summit and Training th [...]
April 13, 2018 - 4:51 PM

SANS Threat Hunting and Incident Response Summit 2018 Call for Speakers - D [...]
January 29, 2018 - 4:02 PM

Latest Tweets @sansforensics

We have a BIG announcement in #DFIR ! "Case Leads", the SAN [...]
April 25, 2018 - 8:07 PM

Deriving Value from Adversary Intent with @RobertMLee @Drago [...]
April 25, 2018 - 8:00 PM

Take a short cut in your day with the #SQLite Pocketguide ht [...]
April 25, 2018 - 7:15 PM

Latest Papers

Pick a Tool, the Right Tool: Developing a Practical Typology for Selecting Digital Forensics Tools
By Rick Kiper

Disrupting the Empire: Identifying PowerShell Empire Command and Control Activity
By Michael Long II

Automating Static File Analysis and Metadata Collection Using Laika BOSS
By Charles DiRaimondi IV

"This course is valuable to Law Enforcement professionals that conduct computer crime investigations."
- Reggie Harris, Federal Agent - DPE, OIG

"I had taken several other forensic courses prior to this one, but none of them or their instructors made understanding forensic methodologies and techniques as clear and understandable as Rob Lee and this course has."
- Nathon Heck, Purdue

"A great course on timeline, registry, and restore point forensics. SANS is continuing to be the leader on teaching new techniques happening with forensics."
- Brad Garnett, Gibson County Sherrif's Dept.