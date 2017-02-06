Cisco: Malware Analysis for the Incident Responder
Malware is one of the most prevalent and most insidious forms of cyber attack. Identifying and eliminating it is critical to minimizing the impact of a breach. As a cybersecurity incident responder, I always end up performing some level of malicious file analysis. In this blog, I’ll share some recommended approaches that have worked for our Incident Response team.
Time is rarely on our side when it comes to deep analysis of a potentially malicious file. Reverse engineering a file can take weeks or months to complete and requires a level of skill that few individuals maintain. We need to develop indicators of compromise to complete the identification phase of the incident response process with some degree of haste. With an understanding of how to develop those indicators ourselves, we can quickly execute a response plan without needing to wait on full analysis.
Lenny Zeltser groups malware analysis into four stages. Starting from the easiest to use, fully-automated analysis, we move up to static property analysis, then to interactive behavior analysis, and finally to full manual code reversing. Many of you likely have experience using fully-automated analysis provided by tools such as ThreatGrid. These types of tools provide quick answers, but little in the way of interaction by the analyst. They are easy to use and certainly should be part of the incident responder’s tool kit. Sometimes, though, we need to do a little more analysis on a suspicious file.
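As an added illustration of the static property analysis stage described above (example code written for this post, not code from Cisco's article or from ThreatGrid): a small triage routine that pulls hashes, the file type from magic bytes, and URL, IP and path-like strings out of a constructed sample so an analyst can turn them into indicators of compromise. The sample bytes, the magic-byte table and the regular expressions are this example's own assumptions.

```python
import hashlib
import re

# Constructed sample: a fake MZ header, padding, and a few embedded
# strings of the kind an analyst would promote to indicators.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"http://example.invalid/update.php\x00"
    + b"\x01\x02\x03"
    + b"192.0.2.44\x00"
    + b"C:\\Users\\Public\\dropper.exe\x00"
)

# Minimal magic-byte table (assumed for this example, not exhaustive).
MAGIC = {
    b"MZ": "PE/DOS executable",
    b"\x7fELF": "ELF",
    b"%PDF": "PDF",
    b"PK\x03\x04": "ZIP/OOXML",
    b"\xd0\xcf\x11\xe0": "OLE2 (legacy Office)",
}

URL_RE = re.compile(r"https?://[^\s\x00\"']+")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\s\x00\"']+")

def file_type(data: bytes) -> str:
    """Identify the container by leading magic bytes."""
    for sig, name in MAGIC.items():
        if data.startswith(sig):
            return name
    return "unknown"

def extract_strings(data: bytes, min_len: int = 6):
    """Return printable ASCII runs of at least min_len characters."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def static_triage(data: bytes) -> dict:
    """Collect static properties that can seed indicators of compromise."""
    joined = "\n".join(extract_strings(data))
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "type": file_type(data),
        "urls": URL_RE.findall(joined),
        "ips": IP_RE.findall(joined),
        "paths": PATH_RE.findall(joined),
    }

if __name__ == "__main__":
    for key, value in static_triage(SAMPLE).items():
        print(f"{key}: {value}")
```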
Read the entire article here, Malware Analysis for the Incident Responder
via the fine folks at Cisco Systems.