Channel: Bob Jung, Author at Unit 42
Browsing latest articles
Browse All 5 View Live

Blowing Cobalt Strike Out of the Water With Memory Analysis

Unit 42 researchers examine several malware samples that incorporate Cobalt Strike components, and discuss some of the ways that we catch these samples by analyzing artifacts from the deltas in process...

Navigating the Vast Ocean of Sandbox Evasions

After creating a bespoke sandbox environment, we discuss techniques used to target malware evasions with memory detection and more. The post Navigating the Vast Ocean of Sandbox Evasions appeared first...

Machine Learning Versus Memory Resident Evil

Malware detection accuracy through memory detection and other tools highlights how to counter increasingly evasive malware types. The post Machine Learning Versus Memory Resident Evil appeared first on...

Tailoring Sandbox Techniques to Hidden Threats

Techniques such as dependency emulation and analysis of encrypted network traffic can help detect malware samples that would not normally execute in a sandbox environment. The post Tailoring Sandbox...

Teasing the Secrets From Threat Actors: Malware Configuration Parsing at Scale

Configuration data – which is historically tricky to parse – can be parsed directly from memory. We use the information-stealer IcedID as an example to cover the technique. The post Teasing the Secrets...
