Malware:ITX8042:2014:LAB3

Source: Kursused
Revision as of 24 September 2014, 20:13 by Toomas (New page: '== LAB3 == ===Additional Reading + presentations!=== [https://docs.google.com/presentation/d/1uelV4BKcJXknrMamF2tQFLl1oaSjcYGpmWs8q1kkgv8/edit?usp=sharing Slides for lab] === ...')

LAB3

Additional Reading + presentations!

Slides for lab

Exercise specifics are in slides

Things to consider in exercise

  • File has SHA-256 and MD5 hashes
  • Search for it in VirusTotal
  • Strings analysis
  • Use two out of three for quick and dirty analysis:
     https://www.virustotal.com/
     https://www.metascan-online.com/
     https://malwr.com/
  • Find at least 2 additional places for quick and dirty analysis
  • Compare results
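
A local first pass over the hashing and strings steps listed above, as an added example that is not part of the original lab material: it computes the MD5 and SHA-256 values to search for on the scanning sites and extracts ASCII and UTF-16LE strings from the file. The sample bytes, the pattern set and all function names are assumptions constructed for illustration.

```python
import hashlib
import re

MIN_LEN = 4  # shortest run reported, the usual default of strings tools

# Assumed starter patterns for strings worth mentioning in the report.
INTERESTING = {
    "url": re.compile(rb"https?://[\x21-\x7e]+", re.I),
    "ipv4": re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "registry": re.compile(rb"(?:HKLM|HKCU|SOFTWARE)\\[\x20-\x7e]+", re.I),
    "file": re.compile(rb"[\x21-\x7e]+\.(?:exe|dll|bat|vbs)\b", re.I),
}

# Constructed sample bytes standing in for the lab file (not a real binary).
SAMPLE = (
    b"MZ\x90\x00\x03" + b"\x00" * 8
    + b"http://example.invalid/gate.php\x00\x01\x02"
    + "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16-le")
    + b"\x00\x00\xff\xfe" + b"abc\x00svch0st.exe\x00"
)

def file_hashes(data):
    """Return the two hashes the report asks for, as hex strings."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}

def extract_strings(data, min_len=MIN_LEN):
    """Printable ASCII runs first, then UTF-16LE runs (common in Windows files)."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group() for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le").encode("ascii")
              for m in wide_re.finditer(data)]
    return found

def classify(strings):
    """Group strings by the pattern label they match."""
    hits = {}
    for s in strings:
        for label, pattern in INTERESTING.items():
            if pattern.search(s):
                hits.setdefault(label, []).append(s.decode("ascii"))
    return hits

if __name__ == "__main__":
    print(file_hashes(SAMPLE))
    for label, values in classify(extract_strings(SAMPLE)).items():
        print(label, values)
```

To use it on the lab file, read the file with `open(path, "rb").read()` and pass the bytes in place of `SAMPLE`; the file is only read, never executed.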


Things to present in report

  • Where and how you found the additional file
  • Hashes for each file
  • Most common name for each file (names differ, but what was the most commonly known name)
  • Strings that sound meaningful to you, and why
  • Links to quick and dirty analysis
  • Interesting features that you have learned.
  • A quick solution for how to fix it without having anti-virus.