Summary
Keywords
Full Transcript
In this full series we will talk about Incident Response and it will be a Free Training Course for everyone. Today is Day-15 and I will show you how can you analyze a malicious document file which might come to you via any incident/report or by any means. If you are upladoing them for a analysis in VirusTotal/JoeSandbox or any online Sandbox tool, that's a BIG NO! You have to learn the skills to analyze these files manually inhouse. You can create automation workflow out of it, but that should be done inhouse. So, in this episode, I will show you from scratch how can you analyze one such document to identify what are the static properties of it, how can you easily extract IOCs/IOAs to take immediate action and how can you even understand what are the probable TTPs of that document, if any macro is hidden on it or not. As a prerequisite you MUST be prepared with your Lab set-up now which I have explained here- https://youtu.be/zyjwo8z3PtU So get ready with your Lab and follow along with me if you want to make your hands dirty doing this analysis. You can download any such malicious samples from Online Sandboxes for practice. WATCH BELOW Playlists as well, if you want to make your career in DFIR and Security Operations!! ------------------------------------------------------------------------------------------------------------------------- INCIDENT RESPONSE TRAINING Full Course đhttps://youtube.com/playlist?list=PLjWEV7pmvSa4yvhzNsCjOJovOn1LLyBXB DFIR Free Tools and Techniques đ https://youtube.com/playlist?list=PLjWEV7pmvSa6f-NTpXsaUYWZLjLAB_0TS Windows and Memory Forensics đ https://youtube.com/playlist?list=PLjWEV7pmvSa50erciZUSnzvE7nK0FyvsH Malware Analysis đ https://youtube.com/playlist?list=PLjWEV7pmvSa6u32RongesgDtkfKBfrFWW SIEM Tutorial đ https://youtube.com/playlist?list=PLjWEV7pmvSa7cXTkCppnYHERUdy8Dd71x Threat Hunt & Threat Intelligence đ https://youtube.com/playlist?list=PLjWEV7pmvSa5UTZlsWp5wRnURNbeMS-fu â Timelines ------------------------------------------------------------------------------------------------------------------------- 0:00 â© Introduction 1:09 â© Identify static properties 3:46 â© Load the file in VM 10:36 â© Decode PowerShell Code 16:01 â© Any other IOC? 19:09 â© Summarize đđČ FOLLOW ME EVERYWHERE- ------------------------------------------------------------------------------------------------------------------------- â LinkedIn: https://www.linkedin.com/company/blackperl â You can reach out to me personally in LinkedIn as well- https://bit.ly/38ze4L5 â Twitter: @blackperl_dfir â Git: https://github.com/archanchoudhury â Insta: (blackperl_dfir)https://www.instagram.com/blackperl_dfir/ â Can be reached via [email protected] SUPPORT BLACKPERL ------------------------------------------------------------------------------------------------------------------------- âââŠâââŠââââŠââŠâŠâŠâŠââââ âââŁâââââŁââŁââŁââŁâââŁâ⣠â âââââââ ââââŁââââââ⣠âââ©âââ©ââ©ââ©ââ©âââ©ââ©ââ âĄïž SUBSCRIBE, Share, Like, Comment â Buy me a Coffee đ https://www.buymeacoffee.com/BlackPerl đ§ Sponsorship Inquiries: [email protected] ------------------------------------------------------------------------------------------------------------------------- đ Thanks for watching!! Be CyberAware!! đ€
