Detection and Response
- Detection and Response: Cross-platform file analysis framework, breaking a crypter with Z3, Linux distro for investigations and OSINT, making data-driven incident response decisions, free malware analysis course from the University of Cincinnati
0xsha / florentino
A cross-platform file analysis framework useful for extracting static resources from malware and unknown file analysis.
Breaking TA505’s Crypter with an SMT Solver
“We know the output for the first iteration being a compressed binary will be ‘M8Z\x90’ so we can construct our problem in Z3 and let it solve what the XOR key should be. After solving for the XOR key we just decode the data and write out the decompressed file.”
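The known-plaintext approach the quote describes, as an added example that is not code from the article: the expected ‘M8Z\x90’ prefix is encoded as Z3 constraints over the key bytes, the solver returns the key, and the blob is decoded. The sample blob, the 4-byte key and the key length are constructed here for illustration; the code falls back to deriving the key by hand if the z3-solver package is not installed.

```python
# Added example: recover a repeating XOR key from a known plaintext prefix.
# The blob, key and key length below are constructed, not TA505's real values.
import itertools
from typing import Optional

try:
    import z3
except ImportError:  # z3-solver not installed: use the closed-form derivation
    z3 = None

KNOWN_PREFIX = b"M8Z\x90"  # expected start of the compressed PE, per the article


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice with the same key restores the data."""
    return bytes(b ^ k for b, k in zip(data, itertools.cycle(key)))


def recover_key_z3(blob: bytes, known: bytes, key_len: int) -> Optional[bytes]:
    """Ask Z3 for key bytes such that blob[i] ^ key[i % key_len] == known[i]."""
    solver = z3.Solver()
    key = [z3.BitVec(f"k{i}", 8) for i in range(key_len)]
    for i, (c, p) in enumerate(zip(blob, known)):
        solver.add(z3.BitVecVal(c, 8) ^ key[i % key_len] == z3.BitVecVal(p, 8))
    if solver.check() != z3.sat:
        return None  # no key of this length produces the expected prefix
    model = solver.model()
    return bytes(model.eval(k, model_completion=True).as_long() for k in key)


def recover_key_direct(blob: bytes, known: bytes, key_len: int) -> Optional[bytes]:
    """Same constraint solved by hand; needs the prefix to cover every key byte."""
    if len(known) < key_len or len(blob) < key_len:
        return None
    return bytes(blob[i] ^ known[i] for i in range(key_len))


def recover_key(blob: bytes, known: bytes, key_len: int) -> Optional[bytes]:
    if z3 is not None:
        return recover_key_z3(blob, known, key_len)
    return recover_key_direct(blob, known, key_len)


def build_sample():
    """Constructed 'crypted' blob: a fake compressed payload under a 4-byte key."""
    payload = KNOWN_PREFIX + b"\x00\x03\x00\x00\x00\x04\x00\x00\xff\xff"
    key = b"\x5a\x13\xc7\x88"
    return xor_with_key(payload, key), key, payload


if __name__ == "__main__":
    blob, key, payload = build_sample()
    found = recover_key(blob, KNOWN_PREFIX, len(key))
    print(found.hex(), xor_with_key(blob, found) == payload)
```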
Meet CSI Linux: A Linux Distro For Cyber Investigation And OSINT
A part of me read this title and immediately thought CSI Cyber, a modern CBS classic in which computer security is represented accurately and never over-hyped, a show devastatingly canceled after only 2 seasons. See CSI Linux’s full tool list here.
How to Make Data-Based Decisions During Incident Response: OODA for DFIR 2020
The talk focuses on the “D” in OODA, and presents some nice ideas around having
the right framework and mental model for making decisions. Lately I’ve been
really appreciating “teaching you how to fish” posts like this, as they help you
generalize, rather than posts that are, “I did X and got Y result.”
CS6038/CS5138 Malware Analysis
As someone who mostly grew up in Cincinnati, it’s neat to see the University of
Cincinnati releasing some cool security curriculum for free online. This class
aims to introduce attendees to malware concepts, types of malware, common attack
recipes, and black-box reverse engineering techniques.