Introduction When I talk about EDRs in this article, I mean a combination of endpoint protection (EPP) and endpoint detection and response (EDR). I also want to define the term “evasion” in the context of EDRs and malware. When I talk about the fact that it is or has been …
Read More »Incident Response Playbooks and Workflows
Incident-Response-Playbooks-and-workflows-1Download
Read More »Malicious Document Analysis [Episode 1]
Before starting the analysis, I’m going to use the following environment and tools: REMnux: https://docs.remnux.org/install-distro/get-virtual-appliance Didier Stevens Suite:https://blog.didierstevens.com/didier-stevens-suite/ Malwoverview:https://github.com/alexandreborges/malwoverview Furthermore, it’s always recommended to install Oletools # python -m pip install -U oletools All three tools above are usually installed on REMnux by default. However, if you are using Ubuntu …
Read More »