- Malware Analysis: How Security Companies Assign Names to Malware Specimens
Security companies base malware naming on the CARO scheme, which groups specimens into families by code similarity in a Type/Platform/Family.Variant format. MITRE's Common Malware Enumeration...
- Malware Analysis: 3 Free Tools to Fake DNS Responses for Malware Analysis
When analyzing malware behaviorally, intercepting DNS queries lets you redirect network connections to lab systems. Three free tools simplify this: ApateDNS (Windows), FakeDNS (Windows), and...
- Tools: Process Hacker as an Alternative to Process Explorer and Task Manager
Process Hacker is an open source replacement for Task Manager and Process Explorer. It displays processes in a tree, color-codes debugged, service, and packed processes, shows network connections...
- Malware Analysis: 3 Free NirSoft Tools for Malware Analysis
Three NirSoft utilities complement Process Monitor for behavioral malware analysis: ProcessActivityView shows file system access with bytes read/written, RegFromApp monitors registry changes, and...
- Malware Analysis: Process Monitor Filters for Malware Analysis and Forensics
Process Monitor captures enormous amounts of data that can overwhelm analysts. Custom filters help by hiding boring entries or highlighting interesting events. Downloadable filter sets look for...
- Malware Analysis: Virtualized Network Isolation for a Malware Analysis Lab
Default VMware host-only networking allows the physical host to interact with virtualized lab systems through a virtual adapter. For better isolation, create a dedicated virtual network (e.g.,...