ExcreamOnSecurity
413 subscribers
505 links
root@ExcreamOnSecurity: % cat ~/etc/topics.allow

- Offensive Security (Red Teaming / PenTesting)
- BlueTeam (OperationSec, ThreatHunting, DFIR)
- Reverse Engineering / Malware Analysis
- Web Security
Blue ATT&CK will help blue teams in scoring and comparing data source quality, visibility coverage, detection coverage and threat actor behaviours. The Blue ATT&CK framework consists of a Python tool, YAML administration files and scoring tables for the different aspects.

https://github.com/rabobank-cdc/Blue-ATTACK

#blueteam #dfir #ir
Malware Analysis 101 - Basic Static Analysis

Malware Analysis is broadly divided into two groups: Static Analysis and Dynamic Analysis. We can describe static analysis as all those examinations of the malware where we don't actually execute the malware but try to figure out what the malware is trying to do and the commands it is attempting to execute. Dynamic analysis, on the other hand, is all those examinations that you carry out when you actually execute the malware, preferably in a sandboxed environment, and then try to figure out the functionality of the malware.

https://medium.com/bugbountywriteup/malware-analysis-101-basic-static-analysis-db59119bc00a
#malware #forensics #ir