Malware Analysis - I need some malware
CyberCop123
Member Posts: 338 ■■■■□□□□□□
in Forensics
I work in digital forensics and also do some incident response. I'm looking to get more into a dedicated IR role and many jobs ask for some malware knowledge. I have some initial triaging and basics stuff, but would like to learn a bit more.
I'd like to ideally download some malware to my VM to start looking at and analysing, to use as a test study.
Are there any Malware Analysts out there who can advise on a good starting point?
I know basic things like looking at:
- Hash value of the malware
- Running through strings
- Identifying packer with PEiD
- Static vs Dynamic analysis
- Running it and looking at:
  - Ports
  - Processes
  - Autoruns
  - Scheduled tasks
  - Registry changes
  - New Users
My Aims
2017: OSCP - COMPLETED
2018: CISSP - COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
GIAC GREM - Reverse Engineering of Malware - COMPLETED
2021: CCSP
2022: OSWE (hopefully)
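As an added illustration of the static steps listed in the opening post (hash values, strings, a packer check), and not code from anyone in this thread: a Python first pass that records the hashes, pulls printable strings, and walks the PE section table to flag high-entropy sections the way a packer check would. The sample it runs on is constructed inline (a minimal PE skeleton, not real malware); the 7.0 entropy threshold, the section names and the minimum string length are assumptions.

```python
import hashlib, math, re, struct
from collections import Counter

def hashes(data: bytes) -> dict:
    # Recorded first so the sample can be looked up in sandboxes and sharing sites.
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}

def strings(data: bytes, min_len: int = 6) -> list:
    # Same idea as the `strings` tool: runs of printable ASCII of min_len or more.
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def entropy(data: bytes) -> float:
    # Shannon entropy in bits per byte; packed or encrypted data approaches 8.0.
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(data: bytes) -> list:
    # Walk the PE section table by hand (no pefile needed) and return (name, raw bytes).
    pe = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect, opt_size = struct.unpack_from("<H", data, pe + 6)[0], struct.unpack_from("<H", data, pe + 20)[0]
    table = pe + 24 + opt_size  # section headers follow the COFF and optional headers
    out = []
    for i in range(nsect):
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        out.append((name.rstrip(b"\0").decode(errors="replace"), data[raw_ptr:raw_ptr + raw_size]))
    return out

def triage(data: bytes) -> dict:
    # Static first pass: hashes, strings, per-section entropy as a packer hint (7.0 is a rule of thumb).
    report = {"hashes": hashes(data), "strings": strings(data), "sections": []}
    for name, raw in pe_sections(data):
        e = entropy(raw)
        report["sections"].append({"name": name, "size": len(raw), "entropy": round(e, 2), "suspicious": e > 7.0})
    report["likely_packed"] = any(s["suspicious"] for s in report["sections"])
    return report

def build_sample() -> bytes:
    # Constructed stand-in, not real malware: a minimal PE with a plain .text section and a pseudo-random one.
    text = b"\x90" * 200 + b"CreateRemoteThread\0http://example.invalid/beacon\0" + b"\x90" * 200
    packed = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))  # 2048 deterministic bytes
    pe, opt_size = 0x40, 0
    body = pe + 24 + opt_size + 40 * 2  # raw data starts right after the two section headers
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x102)
    hdr = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), body, 0, 0, 0, 0, 0x60000020)
    hdr += struct.pack("<8sIIIIIIHHI", b".packed", len(packed), 0x2000, len(packed), body + len(text), 0, 0, 0, 0, 0xE0000040)
    return dos + coff + hdr + text + packed
```

Run `triage(build_sample())` to see the report; on a real sample, compare the hashes against a sandbox or sharing site before spending time on the strings and section output.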
Comments
-
SteveLavoie Member Posts: 1,133 ■■■■■■■■■□
I have done a few CBTs on malware analysis and I am at the same point as you. What I am doing is that I redirect all caught malicious emails from my company antispam to a special mailbox. It gives me a lot of actual hands-on stuff.
-
N7Valiant Member Posts: 363 ■■■■□□□□□□
Just search through "adult movie" sites.
Not joking, seems like every serious malware problem I encounter can be traced back to them.
OSCP
MCSE: Core Infrastructure
MCSA: Windows Server 2016
CompTIA A+ | Network+ | Security+ CE
-
NotHackingYou Member Posts: 1,460 ■■■■■■■■□□
Get an account on Hybrid Analysis and you can download samples.
When you go the extra mile, there's no traffic.
-
meni0n Member Posts: 68 ■■■□□□□□□□
Search for theZoo on GitHub. Make sure to grab some cheat sheets from Lenny Zeltser's site as well.
-
Mike7 Member Posts: 1,107 ■■■■□□□□□□
From the primary author of the SANS FOR610 Malware Reverse Engineering course:
https://zeltser.com/malware-sample-sources/
-
636-555-3226 Member Posts: 975 ■■■■■□□□□□
testmyav.com has a daily bunch. You need to link it with your LinkedIn account. Mine's been linked for a while with no obvious spam or junk mail changes.
https://twitter.com/malware_traffic has regular postings with files, including the malware.
-
tedjames Member Posts: 1,182 ■■■■■■■■□□
> Just search through "adult movie" sites.
> Not joking, seems like every serious malware problem I encounter can be traced back to them.
You should stay away from those sites, then...
Seriously, it's true.
-
N7Valiant Member Posts: 363 ■■■■□□□□□□
> You should stay away from those sites, then...
> Seriously, it's true.
It's usually a client who, for some reason, lets employees browse those sites on company computers.
OSCP
MCSE: Core Infrastructure
MCSA: Windows Server 2016
CompTIA A+ | Network+ | Security+ CE
-
tedjames Member Posts: 1,182 ■■■■■■■■□□
I know. I was joking. They should be blocking these sites. Of course, new malicious sites pop up every day.
I seem to remember a Carnegie Mellon site that posts actual phishing emails. The site included a warning, stating that these emails are not safe and that the links are malicious.