Telegram channel malwareresearch - Malware Research

Group for Malware Analysts. Pinned message with resources and rules: https://t.me/MalwareResearch/38033

Malware Research

I am currently working as a SOC Analyst with nine months of hands-on experience in monitoring, incident response, and threat detection. I am keen to advance my career by transitioning into a Malware Analyst role and would appreciate any guidance from you guys regarding the necessary skills, certifications, resources, or study paths to prepare myself for the same.

Malware Research

I think it is a good thing to brush up on some fundamentals before going in.

For keeping up with the news and TTPs, I use MITRE ATT&CK as my compass. It is really hard to wrap your head around all of these techniques, especially when you only do RE as a hobby and not during your day-to-day work.

Malware Research

Quick question: how can you remote someone's PC?

Malware Research

New FedBan
Fed: Libra's Empire
FedAdmin: alex 27
User: Binary Breach
User ID: 1868147043
Reason: spam

Malware Research

Read widely; finding applications for those techniques will be much more helpful. Either read MITRE ATT&CK references or read Malpedia.

Malware Research

I have seen some assembly questions on the go, memory analysis related questions, differences between the various types of process injection (e.g. process hollowing vs process doppelgänging vs DLL injection).

Some are also related to IR: why do you see this being injected into lsass.exe? What's the significance when you observe bla bla API calls and the given process tree?

Malware Research

Better than theoretical knowledge is to send a sample to be analyzed. You can also add questions about programming (low-level stuff and WinAPI).

Malware Research

@Libranalysis and @everyone

What are some good malware analysis and reverse engineering questions to ask during an interview? I have a Malware Reverse Engineer interview coming up and would like to learn what type of questions might come up.

I had brainstormed some examples like:

1. Explain process injection, RunPE, etc.
2. Could you walk me through how to analyze shellcode, and how to write a program to launch shellcode?
3. Explain ransomware encryption schemes and the pros and cons of each.
4. Multistage malware (how does the next stage get dropped from the initial Word docx)?
5. Could you explain calling conventions and explain their designs?
6. Can you list some examples of anti-debugging techniques and how to overcome them?
7. Given a brand new malware, how do you approach analyzing it?
8. What is the difference between YARA and Sigma rules, and how can you hunt with them?
9. How does malware choose a target process for injection? Why inject into itself sometimes?

Open to hear your experiences.

Malware Research

Admin, can I paste a survey here? It has only 2 questions.

Malware Research

I would 100% recommend

Malware Research

Anyone interested in offensive macOS, check out this blog:

https://0xf00sec.github.io/0x1B

Malware Research

User Nkgg has 1/3 warnings; be careful!
Reason:
stay on topic

Malware Research

Hey guys, does anyone have a VT subscription? I need the setup.exe file from the recent ESET compromise
link

Malware Research

Hello @aeonmusk, welcome to the Malware Research group! Please read the pinned message before you post!

Malware Research

Help❗️❗

Hi guys, I'm Adam.
My Instagram page, which is the community hub for 3D artists I manage, has been hacked. I’m receiving threatening messages and this could potentially cost me my job. I’ve tried contacting Instagram to resolve the issue, but their support forms aren’t working. My email, username, and phone number have all been changed, and the security codes I receive aren’t valid.

I thought I’d reach out here in case anyone with more experience has professional advice. I’m devastated right now as I don’t know when Instagram support will respond or if they’ll be able to fix this at all.😢

If there’s any way to fight the hacker on their own terms, I’ll do everything I can. Any help would be appreciated.

Thank you.

Malware Research

Curious to hear where you get your latest trends.

I know of Malpedia, M-trends (yearly release) and some blogs like Unit 42, ...

Malware Research

Thanks ♥️🦦 and Libra, this is really great information

Malware Research

Hey, a question to discuss: how hard is it nowadays to bypass CrowdStrike / SentinelOne EDRs?

Malware Research

Heya :)

If I were to interview someone, my questions would depend on the specific role and the maturity level of the role. My expectation of a senior researcher for a malware analysis role differs compared to a junior CTI analyst. Having said that, I'd ask about projects you've done, preferably ones where there is public information on them to be found. Based on that, I'd assess your skills, and ask you questions about the project, such as:

- Where did you get stuck?
- What was your approach when you were stuck?
- How did you solve the issues, and what did you learn?
- Why did you work on said project (especially if it's something done in spare time)?
- What tools did you use, and why?

Additionally, I'd inquire about expectations (not talking salary, I'm not a manager, but about the day to day tasks you would like to do, and what you expect that needs to be done).

Granted, that is more of a "what did you do" line of questioning, so if I were to ask more specifics, I'd ask about some recent campaigns and what you know about them, and if they remind you of something. I.e. email thread hijacking is done by multiple families (i.e. Emotet used to), so if there is a recent report about that and you mention that, I can see if you can link it back to 'historic' events. This is to see if you are keeping an eye out for trends and recent events, and if you can correlate events, which will be required in such a role.

I'm not a fan of asking "how do you exactly walk the PEB" and other specific technical questions, as I feel the job is not trivia based, and I (too) look up how specific things work when I encounter them if I don't use them all too often. You have internet during your work to look things up, but you either are or aren't interested in infosec news, malware trends, etc. as a person.

Malware Research

IR-related questions may put some malware analysts without IR experience at a disadvantage, but this is not hard to overcome, because there are plenty of blogs that describe them, be it IR incidents or red teamers/pentesters finding ways to evade EDR.

Malware Research

This is great, thanks for your feedback.

Yeah, I was anticipating questions about Go, .NET and Rust malware (and other weaponization like Electron and cross-platform malware).

Also, you are correct about the mobile malware (questions related to how you would approach analyzing an obfuscated Android app).

For the unpacking: they probably ask open-ended or scenario-based questions (like what is virtualization-based packing and how would you unpack it? Can you use automation/emulation?).

Other questions I can think of:
- What is self-modifying code and how would you analyze it?
- Explain API hashing.

Malware Research

Hello, these questions are good, but I think they are kinda easy; you may add extra questions about assembly language,
like naming the registers' goals, etc.
How we could unpack the binaries using disassemblers.
Also, I would ask about Android/iOS/macOS/Linux malware too, it is getting widespread nowadays.
And maybe about some new/trending techniques, like Ghost injection, Hollowing, how it works and how it can be caught.

Malware Research

Depends on the survey topic: if it's on-topic, then yes.

Malware Research

Best on the market (imo)

Malware Research

Hi, has anyone tried or know if MalDev Academy is good? Or is there something better?

Malware Research

New FedBan
Fed: Libra's Empire
FedAdmin: alex 27
User: Jery Mems
User ID: 7514521798
Reason: ignores rules

Malware Research

Hello everyone, should you require assistance with reversing EXE and APK files despite their protection measures, feel free to reach out to me. I specialize in reversing files protected by various techniques, including but not limited to:
1. VMProtect
2. Themida
3. UPX (Ultimate Packer for eXecutables)
4. Enigma Protector
5. Armadillo
6. ASProtect
7. CodeVirtualizer
8. Obsidium
I have expertise in reversing both EXE and APK files and can provide the necessary services. Please don't hesitate to contact me for further assistance in this area.

Malware Research

Kaspersky and Zero2Automated

Malware Research

TCM Academy, Zero2Automated

Malware Research

Hi all.
Since SANS certifications are expensive, what certification or course do you recommend for malware analysis?
