McHughSecurity
Month: February 2021

Building a parallel-analysis Cuckoo server

Posted on February 27, 2021 By A.McHugh No Comments on Building a parallel-analysis Cuckoo server

Cuckoo’s dynamic malware analysis platform is pretty good out of the box. But how can we scale it to allow parallel processing of samples, particularly where Cuckoo is part of a process-driven analysis workflow? In this article we discuss parallel processing for Cuckoo with 5x Windows 7 VMs.

Digital Forensics & Incident Response

Cuckoo Dynamic Malware Analysis

Posted on February 22, 2021 By A.McHugh 1 Comment on Cuckoo Dynamic Malware Analysis

Cuckoo is an automated dynamic malware analysis platform which allows for the analysis of submitted artefacts within a range of custom configured guest operating systems.

Analysis environments may be created for Windows, Linux, MacOS and Android, and all manner of filetypes can be analyzed through the Cuckoo platform, including executables, Office documents, PDF files and emails, as well as hands-on execution of malware, with network connections able to be routed through Tor.

Digital Forensics & Incident Response

External Analysis with VirusTotal

Posted on February 21, 2021 By A.McHugh 1 Comment on External Analysis with VirusTotal

VirusTotal is a subsidiary of Alphabet Inc. (which is also the parent company of Google). The service offers static and dynamic artefact analysis through a combination of free and paid tiers of access, as well as access to broader intelligence harvested from submissions and their own honeypots.

The VirusTotal service is quite popular among information security professionals for performing quick analysis of artefacts; however, there are some drawbacks and other aspects to consider before implementing VirusTotal as part of your DFIR stack of tools.

Digital Forensics & Incident Response

Using MISP in a TraceLabs Missing Persons engagement

Posted on February 14, 2021 By A.McHugh No Comments on Using MISP in a TraceLabs Missing Persons engagement

MISP is certainly intended to be used like this, however, with some creativity and some technical effort, the MISP Threat Intelligence Platform could be utilized as a missing person’s intelligence database.

In this post, I will discuss a methodology for using MISP as the intelligence platform, alongside more traditional applications such as Maltego (and some custom transforms), to collect, enrich, and manage your intelligence.

Blog, MISP - Open Source Threat Intelligence Platform

Copyright © 2022 McHughSecurity.
