“The Attack Range is a detection development platform, which solves three main challenges in detection engineering. First, the user is able to build quickly a small lab infrastructure as close as possible to a production environment. Second, the Attack Range performs attack simulation using different engines such as Atomic Red…

Hopefully a write up that will help you weigh up your choice with the INE Cyber Security pass. Purchasing Decisions Cheap isn’t always bad So I needed a platform or feed of training that was quite T shaped i.e. it covered a lot of areas, I recently started up https://vanguardcybersecurity.co.uk …

Before Starting If you want to automate the deployment of the tooling here… Please see my Github for a .ps1 script to automate the install of the above, all you’ll need to do is retrieve your unique configuration for winlogbeat from Logzio. Advice: Set your execution policy to unrestricted Use a test…

Ransomware is now seasonal “And how your educational year starts?” Recently, we’ve seen two high profile attacks on two UK based universities. Both attacks bearing hallmarks of ransomware, with one being claimed by DoppelPaymer. I recently read an article about general crime being seasonal, the same appears to be apparent…

Foreword Restore the host if anything suspicious occurs. Keep up with patches on the virtualisation software, zero days are a thing. Static analysis lab build FlareVM — Windows Based lab by FireEye — Tutorial on how to install here REMnux — Linux Based lab maintained by Lenny Zeltser Dynamic analysis lab Hardened version of Ubuntu required as…

WindowsAPI Primer for Malware Analysis The Windows API is a common method Windows based malware will interface with the operating system to accomodate its functionality. Functions are required to ‘do something’, such as decrypting strings, making connections to IP addresses or enumerating processes on the victim machine. These functions exist…

Malware written in GoLang GoLang based malware has been known to spike since the beginning of 2019 and poses a big threat to even experienced Malware Analysts. There are over 53 known malware families known using this language and it is very flexible. Read about it here: https://unit42.paloaltonetworks.com/the-gopher-in-the-room-analysis-of-golang-malware-in-the-wild/ Static Analysis in REMnux Malwology wrote this article (He’s a…

To get you started, read https://digital-forensics.sans.org/media/malware-analysis-cheat-sheet.pdf Malware Analysis Series You’ll see multiple articles numbered “MA-X”, for example “MA-01 — Emerging Malware Analysis News/Intel”, I recommend you read them sequentially if you’re new. You can refer to the series as a handbook. Malware analysis methodology These are going to be questions that you want to answer when…