- Incident Response: Incident Response on 64-Bit Windows Using 32-Bit Tools
  Windows' WOW64 File System Redirector transparently redirects 32-bit tools accessing System32 to SysWOW64, causing forensic investigators to examine the wrong files without realizing it. Stick to...
- Tools: Extracting Malicious Flash Objects from PDFs Using SWF Mastah
  SWF Mastah by Brandon Dixon extracts malicious Flash objects from PDFs in one step, using the PDF X-RAY framework and Peepdf. It can handle complex PDF files even when pdf-parser fails to locate or...
- Malware: Assigning Descriptive Names to Malware - Why and How?
  Security researchers assign descriptive names to high-profile malware based on file names, registry keys, or embedded strings; whoever coins the name that sticks gets bragging rights. Duqu was named...
- Incident Response: The Adversarial Cycle of Computer Attacks and Defenses
  The adversarial cycle has four phases: Attack (unfettered), Detect (forming response), Defense (attack rendered ineffective), and Mutate (attacker adapts). Defenders shorten Attack/Detect through...
- Malware Analysis: 3 Free Tools to Fake DNS Responses for Malware Analysis
  When analyzing malware behaviorally, intercepting DNS queries lets you redirect network connections to lab systems. Three free tools simplify this: ApateDNS (Windows), FakeDNS (Windows), and...
- Malware: How Antivirus Software Works: 4 Detection Techniques
  Antivirus tools use four main detection techniques: signature-based (static fingerprints of known malware), heuristics-based (suspicious characteristics without exact matches), behavioral (observing...