Crowdsourced Malware Triage

Presented at BruCON 0x08 (2016), Oct. 28, 2016, 1:30 p.m. (240 minutes)

Malware triage is an important function in any mature incident response program; the process of quickly analyzing potentially malicious files or URLs to determine if your organization has exposure. But what if you don't have an incident response program? What if you are just setting one up? What if you don't have the tools you need to perform your analysis? With the current offering of free online tools and the right mindset, a web browser and a notepad may be all you need. In this workshop you will work through the triage of a live Exploit Kit using only free online tools. We will provide an introduction and demo of each tool and support you as you perform your analysis.

Presenters:

• Sean Wilson
  Sean is a senior researcher with PhishMe. He is also co-founder of Open Analysis, a group providing free malware analysis services and tools.
• Sergei Frankoff
  Sergei is the Director of Threat Intelligence for Sentrant. He is also co-founder of Open Analysis, a group providing free malware analysis services.

Links:

• https://brucon0x082016.sched.com/event/8YCH/crowdsourced-malware-triage

Similar Presentations:

• Kernelcon 2023 / Everything Everywhere All at Once - A Practical Guide to Alert Triage and Analysis.
• BruCON 0x07 (2015) / Crowdsourced Malware Triage Workshop - Making Sense of Malware with a Browser and a Notepad Workshop
• BruCON 0x09 (2017) / Malware Triage: Malscripts Are The New Exploit Kit Workshop