🦠 Malware Analysis & Forensics MOC

🔬 Methodologies

• Malware Analysis, Static Analysis, Dynamic Analysis

🛠️ Tools

• Analysis: PEStudio, ProcMon, Regshot, VirusTotal, Sandboxes, Cyberchef, strings
• Metadata: ExifTool
• Detection: Yara, Zeek, RITA
• Network: Zeek - Network traffic to structured logs
• Integrity: debsums - Package integrity verification (Debian/Ubuntu)

📁 File Types & Techniques

• HTA (HTML Application)
• EXIF Metadata
• Living off the Land (LOLBAS), mshta.exe
• DNS Tunneling - Covert data exfiltration

🦠 Threats

• Ransomware, Spam, Phishing, Business Email Compromise, Typosquatting
• Rootkits - Stealth malware detection and analysis.
• SUID and SGID Permissions - Privilege escalation via special permissions.

🧪 Labs & Writeups

• Malware Analysis - Malhare.exe
• C2 Detection - Command & Carol - RITA & Zeek for C2 hunting