malwaredynamicanalysis05 -...
TRANSCRIPT
1
2
3
[References]
• Joe Sandbox, http://www.joesecurity.org/index.php/joe-sandbox-standalone
• GFI Sandbox, http://www.gfi.com/malware-analysis-tool
• Cuckoo Sandbox, http://www.cuckoosandbox.org
• ThreatExpert, http://www.threatexpert.com/submit.aspx
• GFI ThreatTrack, http://www.threattrack.com/
• Anubis, http://anubis.iseclab.org/
[Image Sources]
• http://plannerwire.net/wp-content/uploads/2011/02/Playing-Sandbox_meeting_planners.gif
4
[References]
• Cuckoo Sandbox Book, http://docs.cuckoosandbox.org/en/latest
[Image Sources]
• http://www.cuckoosandbox.org/graphic/cuckoo.png
5
6
7
8
[References]
• MAEC, https://maec.mitre.org
9
[References]
• MAEC Use Cases, http://maec.mitre.org/language/usecases.html
• MAEC in Use, http://maec.mitre.org/about/inuse.html
[Image Sources]
• http://maec.mitre.org/language/images/usecases-1.jpg
10
11
12
13
14
15
16
17
18
[References]
• Andrew Davis, Leveraging the Application Compatibility Cache in Forensic Investigations, https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf
19
20
21
22