Tool Spotlight: Performing Rapid Triage Analysis using ANY.RUN!

  • Published 18 Sep 2024
  • Gathering important indicators of compromise from unknown files is a crucial first step when responding to an incident or performing malware analysis. ANY.RUN is one of my go-to tools for this task: it provides a quick and safe initial assessment. This cloud-based sandbox environment allows me to detonate the file in a controlled setting and observe its behavior from a browser. ANY.RUN's rapid triage analysis provides valuable insights such as network activity, suspicious file creations, and API calls. This initial intel helps me prioritize potential threats and determine whether a deeper, more time-consuming analysis is necessary.
    Sign up for ANY.RUN to use interactive malware analysis:
    app.any.run/?u...
    Integrate ANY.RUN solutions into your company:
    any.run/demo/?...
    Join this channel to get access to perks:
    / @jstrosch
    Cybersecurity, reverse engineering, malware analysis and ethical hacking content!
    🎓 Courses on Pluralsight 👉🏻 www.pluralsigh...
    🌶️ UA-cam 👉🏻 Like, Comment & Subscribe!
    🙏🏻 Support my work 👉🏻 / joshstroschein
    🌎 Follow me 👉🏻 / jstrosch , / joshstroschein
    ⚙️ Tinker with me on Github 👉🏻 github.com/jst...
    🤝 Join the Discord community and more 👉🏻 www.thecyberye...
    1:46 Today's sample
    3:08 Public reports and tags
    3:52 Submitting for public analysis
    5:08 Running analysis
    6:04 Extending analysis run-time
    6:36 Interactive desktop session
    7:23 Threats tab - aka Suricata alerts
    9:01 Investigating HTTP request/response content
    11:45 What we've found so far
    12:20 Viewing DNS queries
    13:45 Leveraging tags to speed up analysis
    15:58 Process details
    16:08 Config extraction - XOR encrypted URLs
    16:55 Summarizing IOCs
    17:52 Process graph
    18:25 Enhancing understanding with previous reporting
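The triage workflow the description outlines (collect network, file and process indicators, then decide whether deeper analysis is warranted) and the "Config extraction - XOR encrypted URLs" chapter both come down to a few mechanical steps that are easy to script. The block below is an added example written for this page; it is not code from the video, the channel or ANY.RUN. The report schema (`SAMPLE_REPORT`), the allowlist (`BENIGN_DOMAINS`), the function names (`decode_xor_urls`, `extract_iocs`, `triage`) and every domain, path and hash in it are constructed for illustration and do not reflect ANY.RUN's real export format. It recovers the single-byte XOR key by requiring the decoded config to begin with a known plaintext prefix, folds the recovered URLs in with the observed network activity, and escalates when non-allowlisted hosts or dropped executables appear.

```python
"""Added example (not from the video or ANY.RUN): a minimal triage pass over a
sandbox-style behaviour report, including single-byte XOR config decoding.
The report schema below is constructed for this example only."""
from __future__ import annotations

import re
from urllib.parse import urlparse


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR; used both to build the constructed blob and to decode it."""
    return bytes(b ^ key for b in data)


# Constructed (not real) C2 URLs, XOR-encoded with key 0x5A and NUL-separated,
# standing in for a configuration blob carved out of the sample's memory.
_PLAIN_CONFIG = (b"http://c2-a.example.net/panel/gate.php\x00"
                 b"http://c2-b.example.org/panel/gate.php")

SAMPLE_REPORT = {  # constructed sample report, not ANY.RUN's schema
    "process": "invoice_2024.exe",
    "dns": ["c2-a.example.net", "www.microsoft.com", "telemetry.example.org"],
    "http": [
        {"method": "POST", "url": "http://c2-a.example.net/panel/gate.php", "status": 200},
        {"method": "GET", "url": "http://www.microsoft.com/", "status": 200},
    ],
    "files": [
        {"path": "C:\\Users\\Public\\svchost32.exe", "sha256": "a" * 64},
        {"path": "C:\\Users\\user\\AppData\\Local\\Temp\\notes.txt", "sha256": "b" * 64},
    ],
    "config_blob": xor_bytes(_PLAIN_CONFIG, 0x5A),
}

# Domains treated as benign background noise for this example (constructed allowlist).
BENIGN_DOMAINS = {"www.microsoft.com"}

URL_RE = re.compile(rb"^https?://[\w.-]+(?:/[\x21-\x7e]*)?$")


def decode_xor_urls(blob: bytes, known_prefix: bytes = b"http") -> tuple[int | None, list[str]]:
    """Brute-force a single-byte XOR key by requiring the decoded blob to start
    with a known plaintext prefix, then keep only NUL-separated fields that
    look like URLs. Returns (key, urls); key is None when no key fits."""
    for key in range(1, 256):
        candidate = xor_bytes(blob, key)
        if not candidate.startswith(known_prefix):
            continue
        fields = [f for f in candidate.split(b"\x00") if f]
        urls = [f.decode("ascii") for f in fields if URL_RE.match(f)]
        if urls:
            return key, urls
    return None, []


def extract_iocs(report: dict) -> dict:
    """Collect domains, URLs and dropped-file hashes, folding in URLs recovered
    from the encoded config so C2 hosts never contacted during the run are
    still captured."""
    key, config_urls = decode_xor_urls(report.get("config_blob", b""))
    urls = {h["url"] for h in report.get("http", [])} | set(config_urls)
    domains = set(report.get("dns", [])) | {urlparse(u).hostname for u in urls}
    dropped = [f for f in report.get("files", [])
               if f["path"].lower().endswith((".exe", ".dll"))]
    return {
        "xor_key": key,
        "domains": sorted(d for d in domains if d and d not in BENIGN_DOMAINS),
        "urls": sorted(urls),
        "dropped_executables": [f["path"] for f in dropped],
        "sha256": sorted(f["sha256"] for f in dropped),
    }


def triage(report: dict) -> dict:
    """Decide whether the sample warrants deeper analysis: any non-allowlisted
    host, a decodable config, or an executable dropped to a user-writable path."""
    iocs = extract_iocs(report)
    reasons = []
    if iocs["domains"]:
        reasons.append(f"{len(iocs['domains'])} non-allowlisted domain(s)")
    if iocs["dropped_executables"]:
        reasons.append("executable dropped to user-writable path")
    if iocs["xor_key"] is not None:
        reasons.append(f"XOR-encoded config (key 0x{iocs['xor_key']:02x}) "
                       f"yielded {len(iocs['urls'])} URL(s)")
    return {"escalate": bool(reasons), "reasons": reasons, "iocs": iocs}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```

The known-prefix trick works because a single-byte key is fully determined by one known plaintext byte; for multi-byte keys the same idea extends to testing a longer prefix at each key length. The allowlist deliberately stays tiny: in real triage the noise domains come from a clean baseline run of the same sandbox image, not from a hand-typed set.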

COMMENTS • 1

  • @mehervardhan2177
    @mehervardhan2177 23 hours ago

    Can you list a few projects in malware analysis for students who are choosing this career, and these projects can be a very good point of development (easy, medium and hard)? Also, can I get the (malware sample) website/link?