@mikecybersec


What is the Attack Range?

So the Attack Range in a nutshell is a way to spin up an environment…


Purchasing Decisions


Before Starting

If you want to automate the deployment of the tooling here…

  • Set your execution policy to unrestricted
  • Use a test VM
  • Run PowerShell as Admin before running the script

Benefits of SIGMA

Sigma is an open standard for writing rules that can be used in SIEM and log management solutions. Imagine Snort rules for NIDS, YARA for malware… Sigma for SIEM.

  • The…


CVE-2020-1472


Netlogon

When consulting our open sources for potentially vulnerable devices worldwide, we’re still seeing a high volume of public facing devices that are not patched.

Detection with a Vanguard Compromise Assessment

Vanguard Cyber Security offer a cutting edge, cloud based compromise assessment platform. …


Credit: https://dribbble.com/shots/6720826-Hacking-scene-Mr-Robot-Back

  • Restore the host if anything suspicious occurs.
  • Keep up with patches on the virtualisation software; zero-days are a thing.

Static analysis lab build

FlareVM — Windows-based lab by FireEye — Tutorial on how to install here

Dynamic analysis lab

Hardened version of Ubuntu required as Host OS. (Use Linux if the malware sample targets Windows to avoid any outbreak; otherwise use Windows if it targets Linux!)

Dynamic analysis toolbelt:

  • Fakenet — Simulates network requests for malware
  • INetSim — Simulates services on your machine
  • Wireshark — Record your network activity
  • Process Hacker — Observes running processes
  • Process Dump —…




Malware written in GoLang

GoLang-based malware has been known to spike since the beginning of 2019 and poses a big threat to even experienced malware analysts. There are over 53 malware families known to use this language, and it is very flexible. Read about it here: https://unit42.paloaltonetworks.com/the-gopher-in-the-room-analysis-of-golang-malware-in-the-wild/

Static Analysis in REMnux

Malwology wrote this article (he’s a SANS610 instructor). He covers some very good Python-based tools for statically analysing PEs, some of which may seem unconventional compared to your current arsenal of tools. …



Malware Analysis Series

You’ll see multiple articles numbered “MA-X”, for example “MA-01 — Emerging Malware Analysis News/Intel”; I recommend you read them sequentially if you’re new. You can refer to the series as a handbook.

Malware analysis methodology

These are the questions you want to answer when analysing malware: essentially, what you want to achieve by performing malware analysis.


Source: https://dribbble.com/shots/11988083-Server-Icons

Introduction

In a landscape where we see odd traffic all the time in networks, pulling PCAPs and remembering your Wireshark expressions can sometimes be a bit of a nightmare… that never-ending list of expressions in your notes.


Twitter: @mikecybersec
