401 Reading 32 - marsecguy/reading-notes-cyberops GitHub Wiki
Malware Analysis
You just started a new job as a Malware Analyst. Explain your job responsibilities to a family member.
- Analyzing network data, both at rest and in transit, to try and detect malware that is either trying to infiltrate the system or already in it.
What are the six steps of the Malware Analysis process? What’s a good mnemonic you can use to remember it?
- Capture the malware
- Build a malware lab
- Install tools
- Record the baseline
- Commence investigation
- Document the results
- Mnemonic: Chris Bennett is really cool, dammit!
You are tasked with analyzing a new malware sample. Which type of malware analysis would you conduct first and why?
- I would start with a static analysis, because:
- It is quick
- It can quickly reveal important info such as Indicators of Compromise (IoCs) and the nature of the code
- It can sometimes reveal enough detail to determine that further analysis is not necessary, saving time
Source: Spiceworks
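The kind of quick static triage the answer above describes, as an added example that is not part of the original notes: it hashes a sample (the simplest IoC), measures byte entropy (high values hint at packing or encryption), pulls printable strings, and scans them for URL and IPv4 indicators. The sample bytes are constructed for the demo and are not real malware.

```python
import hashlib
import math
import re

# Constructed stand-in for a sample file: non-printable filler plus a few
# embedded strings so the triage functions have something to find.
SAMPLE = (
    b"MZ\x90\x00" + bytes(range(128, 256)) * 2
    + b"\x00http://example.invalid/update.php\x00"
    + b"\x00192.0.2.10\x00"
    + b"\x00CreateRemoteThread\x00"  # API name worth noting in a triage report
    + b"\xff" * 64
)

IOC_PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}


def sha256_hex(data):
    """File hash: the first IoC to record and check against threat intel."""
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data):
    """Bits per byte, 0.0 to 8.0; values near 8 suggest packing or encryption."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def printable_strings(data, min_len=6):
    """Runs of printable ASCII at least min_len long, like the `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def extract_iocs(strings):
    """Scan extracted strings for network indicators by pattern type."""
    found = {kind: [] for kind in IOC_PATTERNS}
    for s in strings:
        for kind, pat in IOC_PATTERNS.items():
            found[kind].extend(pat.findall(s))
    return found


def triage(data):
    """Static first pass: everything here is gathered without running the sample."""
    strings = printable_strings(data)
    return {
        "sha256": sha256_hex(data),
        "entropy": round(shannon_entropy(data), 2),
        "strings": strings,
        "iocs": extract_iocs(strings),
    }
```

Run `triage(open(path, "rb").read())` on a real file inside the isolated lab; the hash and indicators go straight into the documentation step.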