Hunting with YARA rules and ClamAV
Didier Stevens has published a post about using ClamAV with YARA rules for hunting in NVISO Labs blog. He notes that on…
Simple Static Malware Analyzer
SSMA is a simple malware analyzer written in Python 3. The tool has the following features: Analyze PE file’s header a…
Hardening Win7 x64 on VirtualBox for Malware Analysis
Byte Atlas has published an interesting post on how to create and configure Windows 7 x64 virtual machine in VitrualBox for …
Running Executables on macOS From Memory
Stephanie Archibald from Cylance has written an article about the execution of multi-stage payloads on Mac OS X (up to Sierr…
Analyze the boot records used by BIOS based systems with bootcode_parser
bootcode_parser.py is a Python script designed to perform a quick offline analysis of the boot records used by BIOS based sy…
Principles of Android Malware Detection
In this article, we are dealing with the main principles of the detection and analysis of the Android operating system malwa…
Noriben – Portable, Simple, Malware Analysis Sandbox
Noriben is a Python-based script by Brian Baskin that works in conjunction with Sysinternals Procmon to automatically c…
Live Forensics & Memory Analysis
So you think you might have a compromised Windows system. If you do, where do you start? How would you review the memory of …
LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis
Dynamic-analysis techniques have become the linchpins of modern malware analysis. However, software-based methods have been …
Memory Forensics of Linux and Mac Systems
Here is Andrew Case’ presentation on memory forensics of Linux and Mac systems from Enfuse 2016. …
