Friday, March 22, 2013

A little focus change

I would like to start blogging more on how to take the indicators found during malware analysis and use them in research to fully understand the campaign behind a sample. We will still do step-by-step analysis of the samples we find; we will just be adding step-by-step research alongside it. This will include how-to articles on using the tools that are available for that research.

We are looking for volunteers to post on these new topics. If you have an idea of a topic or would like to volunteer to write articles of this type, please send us a request.

6 comments:

  1. I look very forward to your upcoming posts!

    KP

  2. Thanks! If you have anything you would like to see in a post, please let me know.

  3. Curt,

    This is a great approach, especially since network indicators will assist those that can create custom rules (ArcSight, etc…) and run logger searches. When it comes to host indicators, those will come in handy as well. I would like to see if in the future you can provide malware samples, lists of callbacks, strings of interest (GET/POST) and possibly the infection vector. Keep up the good work; looking forward to future articles.

    1. That's the hope, itg33k. I just completed the first of my three threat intel classes. I have a few more helpers, as you can see under the contributors section, so here's hoping it picks back up.

      As far as hosting the samples, I'd really rather not. We have been using Offensive Computing so as not to reinvent the wheel. We may have some ideas cooking on using a threat intel platform such as Threat Connect (http://www.threatconect.com) or something similar, though.

  4. Eric, what do you mean by BitLocker? To show how we continue to bypass it 7 ways from Sunday : x. Please let me know.
