Please make video on malware hunting in Crowdstrike EDR tool
Best video 😍😍
Thank you for this video. It's very good and easy to understand.
thank you sir
Awesome video. What other sources would you recommend for us to start learning more of this knowledge?
Letsdefend.io
The best video, thanks.
Hi Sir, I have a query. When handling an incident, if we identify the process in proc exp based on VirusTotal score, company name, etc., then the next step is to suspend, then kill, and then open autorun to check the reg entries. Will just unchecking them do, or do we need to delete them, or use jump to entry and remove the value?
Just building the connection of steps during IR.
Thank you.
All the steps you mentioned are correct. Don't forget to check the registry, temp files and %appdata% folder.
you have a knack for teaching
Imagine a malware manipulating your Sysinternals tools after you add it to the PATH.
Yup !
@MotasemHamdan Do you recommend any material to read on the information you shared in your presentation?
Well, what source?
Thx 😳
1st🔥🔥🔥