Overview
Explore a 23-minute video tutorial on performing rapid triage analysis using ANY.RUN, presented by Dr. Josh Stroschein. Learn how to gather crucial indicators of compromise (IOCs) from unknown files during incident response or malware analysis. Discover the benefits of using ANY.RUN's cloud-based sandbox environment for safe initial assessments. Follow along as Dr. Stroschein demonstrates submitting samples, running analyses, extending run-times, and using the interactive desktop session. Gain insights into interpreting Suricata alerts, investigating HTTP request/response content, viewing DNS queries, and leveraging tags to speed up analysis. Explore process details, config extraction techniques for XOR-encrypted URLs, and methods for summarizing IOCs. Enhance your understanding of malware behavior through process graphs and previous reporting. Perfect for cybersecurity professionals, reverse engineers, and ethical hackers looking to improve their malware analysis skills.
Syllabus
Today's sample
Public reports and tags
Submitting for public analysis
Running analysis
Extending analysis run-time
Interactive desktop session
Threats tab (Suricata alerts)
Investigating HTTP request/response content
What we've found so far
Viewing DNS queries
Leveraging tags to speed up analysis
Process details
Config extraction - XOR-encrypted URLs
Summarizing IOCs
Process graph
Enhancing understanding with previous reporting
Taught by
Dr. Josh Stroschein