lystn

Tyler Hudak (@secshoggoth) came to discuss with us the process of doing analysis on malware binaries. We talk about MASTIFF, his malware framework.  We also discuss how to gain information from malware program headers, and some software that is used to safely analyze it. Helpful Links: Ida Pro: https://www.hex-rays.com/products/ida/ Process Monitor - http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx Mastiff White Paper: http://digital-forensics.sans.org/blog/2013/05/07/mastiff-for-auto-static-malware-analysis Mastiff latest: http://sourceforge.net/projects/mastiff/files/mastiff/0.6.0/ cuckoo sandbox: www.cuckoosandbox.org Anubis: https://anubis.iseclab.org/   PE Headers: http://en.wikipedia.org/wiki/Portable_Executable ELF: http://fr.wikipedia.org/wiki/Executable_and_Linkable_Format REMnux- reverse engineering linux distro:https://remnux.org/   Inetsim: http://www.inetsim.org/     Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 3.0http://creativecommons.org/licenses/by/3.0/