- Tools Design Information Security With Failure in Mind
Security controls will eventually fail despite best intentions—design architecture to detect suspicious activities early and limit incident scope when breaches occur. Like boats engineered to stay...
- Tools Process Hacker as an Alternative to Process Explorer and Task Manager
Process Hacker is an open source replacement for Task Manager and Process Explorer. It displays processes in a tree, color-codes debugged, service, and packed processes, shows network connections...
- Malware Using Netsh for Easier Network Setup in a Malware Lab
Windows' netsh tool can save and restore network configurations, useful for malware analysis labs that frequently switch between isolated segments and Internet-connected networks. Save configurations...
- Malware Analysis 3 Free NirSoft Tools for Malware Analysis
Three NirSoft utilities complement Process Monitor for behavioral malware analysis: ProcessActivityView shows file system access with bytes read/written, RegFromApp monitors registry changes, and...
- Malware The Dark Side of Remote Desktop
The Morto worm spread by scanning for RDP on port 3389 and brute-forcing Administrator passwords using common credentials. Tools like TSGrinder and Ncrack automate RDP password attacks. Mitigations...
- Malware Analysis Process Monitor Filters for Malware Analysis and Forensics
Process Monitor captures enormous amounts of data that can overwhelm analysts. Custom filters help by hiding boring entries or highlighting interesting events. Downloadable filter sets look for...