SANS Digital Forensics and Incident Response Blog: Category - Malware Analysis

14 Nov 2018

Shortcuts for Understanding Malicious Scripts

0 comments Posted by sansdfir
Filed under Advanced Persistent Threat, Case Leads, Computer Forensics, Evidence Acquisition, Evidence Analysis, Incident Response, Malicious Scripts, Malware Analysis, Reverse Engineering, Threat Hunting

You are being exposed to malicious scripts in one form or another every day, whether it be in email, malicious documents, or malicious websites. Many malicious scripts at first glance appear to be impossible to understand. However, with a few tips and some simple utility scripts, you can deobfuscate them in just a few minutes. … Continue reading Shortcuts for Understanding Malicious Scripts

15 Apr 2018

Inhibiting Malicious Macros by Blocking Risky API Calls

0 comments Posted by Adam Kramer
Filed under Advanced Persistent Threat, Cyber Kill Chain, Malicious Scripts, Malware Analysis

Microsoft Office Macros have been the bane of security analysts' lives since the late 1990s. Their flexibility and functionality make them ideal for malware authors to use as a primary stage payload delivery mechanism, and to datethe challenge they pose remains unsolved. Many organisations refrain from blocking them completely due to the impact it … Continue reading Inhibiting Malicious Macros by Blocking Risky API Calls

13 Apr 2018

Top 11 Reasons Why You Should NOT Miss the SANS DFIR Summit and Training this Year

0 comments Posted by sansdfir
Filed under Advanced Persistent Threat, Computer Forensics, Computer Forensics and IR Summit, Cyber Threat Intelligence, DFIR Scholarship, DFIR Summit, Drive Encryption, Forensic4Cast Awards, Incident Response, iOS, Lethal Forensicator Coins, Malware Analysis, Memory Analysis, Mobile Device Forensics, Network Forensics, Network Forensics, Registry Analysis, REMnux, Reverse Engineering, SIFT Workstation, smartphone, Specials, Threat Hunting, Threat Hunting & Incident Response Summit, Timeline Analysis, Training, USB Device Analysis, Windows Memory Forensics

The SANSDFIR Summit and Training 2018is turning 11!The 2018 event marks 11 years since SANS started what is todaythedigital forensics and incident response event of the year, attended by forensicators time after time. Join us and enjoy the latest in-depth presentations from influential DFIR experts and the opportunity to take an array of hands-on SANS … Continue reading Top 11 Reasons Why You Should NOT Miss the SANS DFIR Summit and Training this Year


Tags: Coin Slayer, Computer Forensic Training, DFIR course coins, DFIR Management, dfir netwars, DFIRSummit 2018, Incident Response, mac forensics, Memory Forensics, mobile forensics, Network Forensics, Reverse engineering Malware, Threat Hunting, Windows Forensics Analysis
16 Dec 2017

Automated Hunting of Software Update Supply Chain Attacks

0 comments Posted by Adam Kramer
Filed under Advanced Persistent Threat, Malware Analysis, Network Forensics, Threat Hunting

Software that automatically updates itself presents an attack surface, which can be leveraged en masse through the compromise of the vendor's infrastructure. This has been seen multiple times during 2017, with high profile examples includingNotPetya and CCleaner. Most large organisations have built robust perimeter defences for incoming and outgoing traffic, but this threat vector … Continue reading Automated Hunting of Software Update Supply Chain Attacks

27 Nov 2017

Acquiring a Memory Dump from Fleeting Malware

2 comments Posted by Adam Kramer
Filed under Computer Forensics, Evidence Acquisition, Incident Response, Malware Analysis, Memory Analysis, Threat Hunting

Introduction The acquisition of process memory during behavioural analysis of malware can provide quick and detailed insight. Examples of where it can be really useful include packed malware, which may be in a more accessible state while running, and malware, which receives live configuration updates from the internet and stores them in memory. Unfortunately the … Continue reading Acquiring a Memory Dump from Fleeting Malware

Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.





Share

Categories
Recent Posts
Archives
Links
Latest Blog Posts

The new version of SOF-ELK is here. Download, turn on, and get going on for [...]
December 04, 2018 - 5:12 PM

Shortcuts for Understanding Malicious Scripts
November 14, 2018 - 4:41 PM

How to build an Android application testing toolbox
November 13, 2018 - 3:16 PM

Latest Tweets @sansforensics

Blog by @iamevltwin: On the Second Day of APOLLO, My True L [...]
December 15, 2018 - 1:01 PM

. @hexacorn Blog: Sysmon and an accidental anti-disassemblin [...]
December 15, 2018 - 1:10 AM

. @hecfblog post: Daily Blog #567: Forensic Lunch 12/14/18 [...]
December 14, 2018 - 8:26 PM

Latest Papers

Evidence of Data Exfiltration via Containerised Applications on Virtual Private Servers
By Seth Enoka

Using Image Excerpts to Jumpstart Windows Forensic Analysis
By John Brown

Windows 10 as a Forensic Platform
By Ferenc Kovacs

"The class provided in-depth, real world, hands-on information."
- Robert Dale Drollinger, General Dynamic

"This course ROCKS! You can not call yourself a Forensics expert without taking the course from Rob Lee!."
- Ernie Hernandez, Prosoft

"A great course on timeline, registry, and restore point forensics. SANS is continuing to be the leader on teaching new techniques happening with forensics."
- Brad Garnett, Gibson County Sherrif's Dept.