In my experience of analyzing malware, the high-level process has always been straightforward. Examine static attributes, run it in a
Continue reading
Category: Threat Detection / Intelligence
Binary Similarity Measure using ssdeep
We have all used cryptographic hashes to determine the integrity of files. You may have a preference for MD5, SHA256, SHA512,
Continue reading
Honeypot, Malware and Splunk
Many articles in my blog are dedicated to malware analysis. All of the articles involve downloading the malware from malware
Continue reading
Learning Splunk Rules by Analyzing iptables Firewall Logs
The 21st century is the age where information is power. This information comes in various forms of machine data which
Continue reading