Wednesday, August 19, 2020

Beginner's Guide to DFIR/Threat Hunting with VirusTotal Video Series

VirusTotal intelligence allowes threat researchers to search VirusTotal's dataset for malware samples, URLs, domains and IP addresses according to binary properties, antivirus detection verdicts, static features, behavior patterns such as communication with specific hosts or IP addresses, submission metadata and many other notions. Pinpoint files similar to your suspect being studied. Samples matching search criteria can be downloaded for further study.

In this video tutorial series I tried to explain how virus total can be used effectively to hunt threats from wild. This tutorial has following chapters.

  • An Introduction to VirusTotal
  • Introduction to VT Intelligence
  • VT Tags & AND OR NOT Search Operators 
  • Behaviour Based Search Modifiers
  • Live/Realtime Threat Hunting with Yara Rules
  • Basics of Incident Correlation with VT Graph

The full playlist can be found here


4 comments: