If you’re responding to a malware incident, you need to quickly derive relevant and actionable information about the malicious program and the context within which it was employed. This involves not only examining the specimen in your lab but also locating relevant publicly available details.
Lenny Zeltser shares several real-world examples, tools, and data sources for gathering such open source intelligence (OSINT). With it, you can benefit from previously discovered information and focus your time on new malware characteristics, pivot around data points to advance your analysis of the malware sample, and broaden and deepen your understanding of the security incident’s context.
Lenny walks you along a breadcrumb trail that begins with a suspicious URL to determine its purpose and the nature of the organizations associated with it. Other examples look at suspicious Windows executables in an attempt to quickly assess their nature on the basis of publicly available details.
Join Lenny to expand your incident response and malware analysis skill set and learn how to turn publicly available data about adversaries and their malicious programs into useful intelligence.
Lenny Zeltser is a seasoned business and tech leader with extensive experience in information technology and security. As a product management director at NCR Corp, he heads the software and services group that addresses customers’ data protection needs. He also trains professionals in digital forensics and malware combat at SANS Institute. Before NCR, Lenny led the enterprise security consulting practice at a major cloud services provider. Lenny’s expertise is strongest at the intersection of business, technology, and information security and includes incident response, cloud services, and product management. He frequently speaks at conferences, writes articles, and has coauthored books on network security and malicious software. Lenny is a member of the board of directors at SANS Technology Institute. He holds an MBA from MIT Sloan, a computer science degree from the University of Pennsylvania, and the prestigious GIAC Security Expert designation from SANS Institute.
©2016, O'Reilly Media, Inc.