Aim: Create a PowerShell script that takes a suspected malicious file as input and generates a report on that file after applying the techniques outlined in the first 2 chapters of the book Practical Malware Analysis.

Step 1 - Basic Static Analysis

Unlike PMA, I will not be submitting to VirusTotal. In general it is not a good idea to upload a sample straight to VT, in case the file you are uploading contains identifying or sensitive information about your organization. …


Diving into the world of malware analysis is intimidating. I am compiling a list of resources I am using myself as I dive into this and hope they will be useful for others. This list is by no means authoritative or definitive and is a work in progress as I come across new resources.

This will not include any information on recommended background knowledge, but to get the most out of these resources you should have some familiarity with networking, programming and operating systems.

Books

Practical Malware Analysis - https://nostarch.com/malware

Challenges

Flare-on - https://flare-on.com
Ma’s Reversing - http://3564020356.org

Guides

MalwareBytes|So You Want To Be A Malware Analyst - https://blog.malwarebytes.com/security-world/2012/09/so-you-want-to-be-a-malware-analyst

Malware

vx-underground - https://vx-underground.org


FLARE VM is a fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing, etc., developed by FireEye. The setup is relatively straightforward, but since I am setting up a VM for myself I thought it would be worth documenting the process in case it is of use to anyone else doing the same.

  1. To start with, set up a clean Windows VM and add as much RAM as you can; I used 8GB. I won’t go into specifics here; if you haven’t set up a VM in VirtualBox before, I recommend following this guide: https://www.computerworld.com/article/2825616/no-hassle-way-to-install-windows-10-with-virtualbox.html

We are in the middle of the worst pandemic since the Hong Kong flu 50 years ago. COVID-19 directly affects the lives of millions of people worldwide every day, throwing the patterns and routines of their lives into flux. As always, change brings opportunity; geopolitical forces continue to exert themselves while we self-isolate, and they will take advantage of these opportunities as they are discovered.

What doors are being opened? The most obvious are disinformation campaigns, especially considering the upcoming US election, the Hong Kong protests, rising tension between Taiwan and Mainland China, and increased Scottish independence sentiment post-Brexit, among other current events…


If you give a hacker a new toy, the first thing he’ll do is take it apart to figure out how it works. - Jamie Zawinski

Reconnaissance

To recon this box I started with nmap, as usual.


False flags have always been a popular way to deflect responsibility for starting a conflict or to drag an ally into war; I will focus on the latter here.

I am going to outline a hypothetical scenario that draws on current and historical events to show the potency that cyber operations could add to a false flag operation designed to draw an ally into war.

The actor in this scenario will be Israel and their aim will be to draw the US into a conflict with Iran with the goal of destroying Iran’s nuclear assets. The Israelis have decided that…

Elliot Parsons

My interests are history, politics, economics, computer science and cybersecurity. Always remember to seize the cheese.
