Wednesday, August 19, 2020

Beginner's Guide to DFIR/Threat Hunting with VirusTotal Video Series

VirusTotal Intelligence allows threat researchers to search VirusTotal's dataset for malware samples, URLs, domains and IP addresses according to binary properties, antivirus detection verdicts, static features, behaviour patterns such as communication with specific hosts or IP addresses, submission metadata and many other criteria. It can pinpoint files similar to the suspect sample being studied, and samples matching the search criteria can be downloaded for further study.

In this video tutorial series I tried to explain how VirusTotal can be used effectively to hunt threats in the wild. This tutorial has the following chapters.

  • An Introduction to VirusTotal
  • Introduction to VT Intelligence
  • VT Tags & AND/OR/NOT Search Operators
  • Behaviour Based Search Modifiers
  • Live/Realtime Threat Hunting with Yara Rules
  • Basics of Incident Correlation with VT Graph

The full playlist can be found here.


Tuesday, August 4, 2020

IDA Pro Video Tutorial Series for Vulnerability Researchers & Reverse Engineers [Beginners]

IDA Pro is a disassembler. A disassembler like IDA Pro maps a binary's execution flow and shows the machine instructions the processor actually executes in a symbolic representation called assembly language.

Reverse Engineering Malware, Part 3: IDA Pro Introduction

I recently started a new video tutorial series on IDA Pro, aimed specifically at beginner reverse engineers and vulnerability researchers.

So far I've covered the following topics; the entire playlist can be found here.

  • Reverse Engineering Tutorial with IDA Pro – An Introduction
  • Reverse Engineering with IDA Pro – Fixing/Rebuilding Structure/Structs (Pseudocode)
  • C++ Reverse Engineering with IDA Pro – Rebuilding virtual function table (vftable)
  • Reverse Engineering with IDA Pro – Function Cross Reference & Proximity Browser
  • Reverse Engineering with IDA Pro – How to do Binary Diffing / Patch Analysis
  • Reverse Engineering with IDA Pro – Code Coverage Measurement with DynamoRIO & Lighthouse

Just because I make video guides doesn't mean I know everything; please feel free to correct me if I'm wrong at any point :-) I will be more than happy to learn from you :)