This talk will discuss actively following attacker exploit chains to capture malware for analysis. Actively pursuing malware will allow an accurate assessment of risk, assist with the development of counter measures, and allow the discovery of ‘indicators of compromise’ for incident response. Areas covered will include understanding attacker’s evasion and obfuscation techniques, collection of malware, and a discussion of deobfuscation/analysis tools and techniques.