Incident Response Training Course, Malicious Document Analysis, Day 15

In this full series we talk about Incident Response, and it is a free training course for everyone. Today is Day 15, and I will show you how you can analyze a malicious document file that might reach you via an incident, a report, or any other means. If you are uploading such files for analysis to VirusTotal, JoeSandbox or any other online sandbox tool, that's a BIG NO! You have to learn the skills to analyze these files manually, in-house. You can build an automation workflow out of it, but that too should be done in-house.

So, in this episode, I will show you from scratch how you can analyze one such document: how to identify its static properties, how to easily extract IOCs/IOAs so you can take immediate action, and how to work out the probable TTPs of that document, including whether or not a macro is hidden in it.
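As an added example (this is not code from the video or from the BlackPerl channel), the script below walks the same three steps the episode covers on a document it constructs itself: read the static properties (file type, hashes, whether a VBA project is present), decode a base64 PowerShell `-EncodedCommand` payload found in the macro, and pull IOCs out of the decoded text. The document, the domain `example.invalid` and the `267.exe` file name are constructed sample values; the function and pattern names are this example's own. One honest caveat is built in: a real `vbaProject.bin` stores macro source in MS-OVBA compressed streams, so on a real file you would first dump the source with a tool such as oletools' `olevba` and then run the decoding and IOC steps on that output.

```python
"""Static triage of an Office document: properties, encoded PowerShell, IOCs.

Added example, not the video's own tooling. The sample .docm-like file is
constructed inline so the script runs offline with no real malware involved.
"""
import base64
import hashlib
import io
import re
import zipfile

OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"


def build_sample_docm() -> bytes:
    """Constructed sample: a minimal OOXML zip with a vbaProject.bin part.

    The macro text is stored uncompressed here for simplicity. A real
    vbaProject.bin holds compressed VBA streams (use olevba to extract them).
    """
    # Typical maldoc pattern: UTF-16LE command, base64-encoded, passed to
    # powershell -EncodedCommand. example.invalid and 267.exe are placeholders.
    ps = ("$u='http://example.invalid/267.exe';"
          "Start-Process 'C:\\Users\\Public\\267.exe'")
    enc = base64.b64encode(ps.encode("utf-16-le")).decode()
    macro_text = f'Shell "powershell -nop -w hidden -EncodedCommand {enc}"'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", macro_text.encode())
    return buf.getvalue()


def static_properties(data: bytes) -> dict:
    """Step 1: container type by magic bytes, hashes, and macro presence."""
    props = {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    if data[:2] == b"PK":
        props["type"] = "OOXML (zip container)"
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
        # Any vbaProject.bin part means the document carries VBA.
        props["has_macro"] = any(n.lower().endswith("vbaproject.bin") for n in names)
    elif data[:8] == OLE2_MAGIC:
        props["type"] = "OLE2 compound file (legacy .doc/.xls)"
        props["has_macro"] = None  # needs an OLE stream parser (e.g. olevba)
    else:
        props["type"] = "unknown"
        props["has_macro"] = None
    return props


# -EncodedCommand and its short forms, followed by a base64 blob.
ENC_CMD = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(text: str) -> list[str]:
    """Step 2: -EncodedCommand takes base64 of UTF-16LE text; decode each hit."""
    decoded = []
    for m in ENC_CMD.finditer(text):
        try:
            decoded.append(base64.b64decode(m.group(1)).decode("utf-16-le"))
        except (ValueError, UnicodeDecodeError):
            continue  # not valid base64/UTF-16LE, skip rather than crash
    return decoded


IOC_PATTERNS = {
    "url": re.compile(r"https?://[^\s'\"<>]+", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "exe": re.compile(r"[\w\-]+\.(?:exe|dll|ps1|vbs|js|bat|scr)\b", re.I),
}


def extract_iocs(text: str) -> dict[str, list[str]]:
    """Step 3: regex pass over the text; deduplicated and sorted per type."""
    return {kind: sorted(set(p.findall(text))) for kind, p in IOC_PATTERNS.items()}


def triage(data: bytes) -> dict:
    """Run all three steps and return one report dictionary."""
    props = static_properties(data)
    decoded, iocs = [], {}
    if props.get("has_macro"):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            parts = [n for n in zf.namelist() if n.lower().endswith("vbaproject.bin")]
            raw = b"".join(zf.read(n) for n in parts)
        # latin-1 never fails, so binary junk in a real file just becomes noise.
        text = raw.decode("latin-1")
        decoded = decode_encoded_command(text)
        iocs = extract_iocs("\n".join(decoded) + "\n" + text)
    return {"properties": props, "decoded_powershell": decoded, "iocs": iocs}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_sample_docm()), indent=2))
```

The report gives you, in one pass, the hashes to block, the decoded command that reveals the TTP (a download-and-execute cradle in this sample), and the URL and file name to feed into your detection tooling.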

WATCH the playlists BELOW as well, if you want to build your career in DFIR and Security Operations!!
-------------------------------------------------------------------------------------------------------------------------


Timelines
-------------------------------------------------------------------------------------------------------------------------
0:00 ⏩ Introduction
1:09 ⏩ Identify static properties
3:46 ⏩ Load the file in VM
10:36 ⏩ Decode PowerShell Code
16:01 ⏩ Any other IOC?
19:09 ⏩ Summarize

📞📲
FOLLOW ME EVERYWHERE-
-------------------------------------------------------------------------------------------------------------------------
✔ Twitter: @blackperl_dfir

SUPPORT BLACKPERL
-------------------------------------------------------------------------------------------------------------------------
╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗
║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣
╠╗║╚╝║║╠╗║╚╣║║║║║═╣
╚═╩══╩═╩═╩═╩╝╚╩═╩═╝
➡️ SUBSCRIBE, Share, Like, Comment

-------------------------------------------------------------------------------------------------------------------------
🙏 Thanks for watching!! Be CyberAware!! 🤞
Comments

Learning so much from this playlist. Sharing it with all my network.

nitroxicated

Quick and Smart steps. Fiddler is a new addition to the arsenal.

futurebuddies

It's a great video and I love it. Thank you for that, dude, and I have a query here.
You mentioned at the end to use this 267.exe IOC in the EDR or AV to stop this threat, but what if the attacker has changed the name from 267.exe to something else? How can we catch that now... because there is no hash value, right? So is there any chance of capturing that IOC in other ways than by name?

mohanveeradurgarao

This is great.
Please make a video or series on creating rules in QRadar.

Thanks

narendermahur

Great video as always, Archan! I have a question for you. In a real-life corporate scenario where a user has received an email with a suspicious attachment, how do you recommend moving this particular attachment to the malware analysis sandbox without using a memory stick, email, or opening ports?

samwebb

Loved it. Was waiting to see the usage of the tools from the VM lab.

zivakhan

Can you make videos where computers are already compromised, like ransomware or an Exchange server proxy login compromise, and the client is new to you? You do not have any control yet. How will you start IR in this scenario?

cyberwarriorall

Excellent content. Fiddler is really a nice tool to intercept traffic.

jamescullins

Every time BlackPerl says "this particular sucker" I smile xD

manfrombritain

Dada, please provide this sample for practice.

sayankumardey