Thank you to TryHackMe for having me back this year for Advent of Cyber 2022!
Get started here: tryhackme.com/christmas
00:00-00:44 - hey everybody
00:44-01:43 - intro and background, the point of malware analysis
01:43-04:46 - basic static analysis, FLAREVM, Detect It Easy, identify UPX packer
04:46-05:43 - strings, packed malware strings are not particularly helpful
05:43-07:18 - analysis with CAPA but no useful info because the malware is still packed!
07:18-10:11 - unpack the malware with the UPX packer, remove .viv file, rerun CAPA and analyze output
10:11-11:26 - answering the static analysis phase questions
11:26-14:38 - begin basic dynamic analysis phase with Procmon, talk about malware analysis safety
14:38-21:20 - first malware detonation, checking in Procmon for registry activity, filtering and excluding Procmon events
21:20-23:43 - filtering in Procmon for file system activity, identifying file creations at detonation
23:43-28:13 - grepping for URLs with FLOSS, identifying network activity in Procmon
28:13-29:29 - THANK YOU ALL. have a great holiday season, happy new year, see you around 💖
THEY GAVE ME THE MALWARE ANALYSIS ROOM kekw | TryHackMe Advent of Cyber 2022 Day 12