Practical Incident Response in Heterogenous Environment

via YouTube

Overview

Explore practical incident response techniques for heterogeneous environments in this BSides Detroit 2018 conference talk. Delve into the challenges of mass-triage in modern cybersecurity and learn about innovative tools like RIFT (Retrieve Interesting Files Tool) and FRAC (Forensic Response Acquisition). Discover the process of building Advanced Indicators of Compromise (AIOCs) through malware analysis, using Trojan.Bisonal as an example. Gain insights into YARA rules and their application in creating AIOCs. Examine the capabilities of ClamAV for malware detection, including custom rule creation, remote scanning, and forensic applications. Understand how to generate ClamAV signatures using IDA with CASC and explore the future direction of incident response methodologies.

Syllabus

Intro
The mass-triage problem in 2018
Traditional IOCs application
RIFT (Retrieve Interesting Files Tool)
FRAC (Forensic Response Acquisition): The Output
Malware analysis process to build AIOCs
Example: Poisonivy
AIOCs formalization process
Trojan.Bisonal resulting AIOC description
Trojan.Bisonal traffic
Bisonal Behavior
YARA RULES toward AIOCs
ClamAV: Intro
YARA Rules, AIOCs and ClamAV
Using ClamAV to Scan for Badness
Using ClamAV: Results Custom Rules - ClamAV
Using ClamAV: Results Custom Rules - Yara
Sigtool: ClamAV command line
Sigtool: Command explained
Generating ClamAV Signatures with IDA with CASC
Remote ClamAV scan with PsExec
Remote ClamAV scan with FRAC
ClamAV Bisonal - logic signature
ClamAV and Forensics
Where are we heading