Today, I published the following diary on isc.sans.edu: “Quick Malware Triage With Inotify Tools”:
When you handle a lot of malicious files, you must have a process and tools in place to speed up the analysis. It’s impossible to investigate every file, so a key point is to find the interesting files that deserve more attention. In my malware analysis lab, I use a repository called my “Malware Zoo” where I put all the files. This repository is shared across different hosts (my computer, REMnux and Windows virtual machines). This helps me keep all the “dangerous files” in a central location and avoid spreading dangerous stuff everywhere. When you analyze malware, you quickly generate more files: you extract shellcodes, configurations, DLLs and more executables, and those files should also be analyzed. To perform a quick triage with basic operations, I rely on the Inotify suite… [Read more]
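To make the idea concrete, here is an added example of the kind of watcher the excerpt describes; it is my own illustration, not the script from the diary. It uses `inotifywait` from inotify-tools to catch every file written or moved into the shared repository and runs a small triage on it (size, SHA-256, a rough type from the first bytes and a priority verdict). The repository path in `ZOO`, the log path in `LOG` and the priority rules in `verdict_of` are assumptions chosen for the example; the type check goes a little beyond the diary by reading magic bytes directly instead of calling `file`, so it runs even on a minimal box.

```shell
#!/bin/sh
# Added example: watch a shared "malware zoo" and triage new files as they land.
# ZOO and LOG are assumed placeholders; adjust them to your own lab layout.
ZOO="${ZOO:-$HOME/malware-zoo}"
LOG="${LOG:-$ZOO/triage.log}"

# First 4 bytes of a file as lowercase hex, e.g. "4d5a9000" for a PE header.
magic_of() {
    head -c 4 "$1" | od -An -tx1 | tr -d ' \n'
}

# Map a magic prefix to a coarse type. Only a handful of well-known signatures;
# anything else is "other" (scripts, configs, extracted blobs, ...).
classify() {
    case "$1" in
        4d5a*)     echo "pe"  ;;   # MZ: Windows executable or DLL
        7f454c46*) echo "elf" ;;   # \x7fELF: Linux executable
        25504446*) echo "pdf" ;;   # %PDF
        504b0304*) echo "zip" ;;   # PK\3\4: zip, OOXML document, JAR
        d0cf11e0*) echo "ole" ;;   # legacy Office / Compound File Binary
        *)         echo "other" ;;
    esac
}

# Assumed priority rules for the example: native code and OLE first, containers
# and documents next, everything else last.
verdict_of() {
    case "$(classify "$(magic_of "$1")")" in
        pe|elf|ole) echo "high"   ;;
        pdf|zip)    echo "medium" ;;
        *)          echo "low"    ;;
    esac
}

# SHA-256 with a fallback for systems that ship shasum instead of sha256sum.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# One tab-separated triage line: hash, size, verdict, type, path.
triage_file() {
    f="$1"
    [ -f "$f" ] || return 2
    printf '%s\t%s\t%s\t%s\t%s\n' \
        "$(hash_file "$f")" \
        "$(wc -c < "$f" | tr -d ' ')" \
        "$(verdict_of "$f")" \
        "$(classify "$(magic_of "$f")")" \
        "$f"
}

# Block on inotify events: close_write fires once a file is fully written,
# moved_to when a file is dropped into the tree from elsewhere. -m keeps
# running, -r recurses into subdirectories, -q silences the startup banner.
watch_zoo() {
    mkdir -p "$ZOO"
    inotifywait -m -r -q -e close_write -e moved_to --format '%w%f' "$ZOO" |
    while IFS= read -r path; do
        [ "$path" = "$LOG" ] && continue   # do not triage our own log
        triage_file "$path" | tee -a "$LOG"
    done
}

# Start watching only when asked, so the functions can be sourced on their own.
[ "${1:-}" = "--watch" ] && watch_zoo
```

Run it with `sh triage-watch.sh --watch` in a terminal on the host that mounts the zoo; every new sample, and every artefact a tool drops back into the repository, shows up as one line in the log with its hash and a verdict, which is enough to decide what to open first.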
The post [SANS ISC] Quick Malware Triage With Inotify Tools appeared first on /dev/random.