[RP]: It Is All About Program Execution
Nice article about malware mechanisms and analysis:
It Is All About Program Execution: http://journeyintoir.blogspot.de/2014/01/it-is-all-about-program-execution.html
Nice presentation:
“Finding Malware Like Iron Man” by Corey Harrell
Just a quick link: Extracting ZeroAccess from NTFS Extended Attributes
Just a quick repost of a nice article:
Hiding env./tools from malware a.k.a. fight fire with fire (but only inside VM)
Impressive list:
This blog post describes how to install Thug (see http://www.honeynet.org/node/827, https://github.com/buffer/thug) on a fresh copy of REMnux 3.0 (VMware version). You should be familiar with VMware and a Debian-like OS and have your favourite drugs (read: coffee) within reach …
Here’s a nice article on SANS about de-obfuscating malware in IE:
How to get samples for malware analysis:
http://dvlabs.tippingpoint.com/blog/2011/12/14/pastebin-malicious-samples-collection
Nice summary on analyzing PDF files:
http://forensicaliente.blogspot.com/2011/12/pdf-metadata-extraction-multiple-files.html