Barncat - Using MISP for Bulk Surveillance of Malware

Offered By: Cooper via YouTube

Tags

Hack.lu Courses, Cybersecurity Courses, Malware Analysis Courses, Threat Intelligence Courses, MISP Courses

Course Description

Overview

Learn about using MISP (Malware Information Sharing Platform) for bulk surveillance of malware in this conference talk from the MISP Summit 2017. Explore the benefits of malware config ripping as an alternative to resource-intensive dynamic analysis. Discover the tools needed to get started and understand the potential applications of malware configurations, including sinkholing for victim notification. Examine sample data from DarkComet malware and analyze example configurations to gain deeper insights. Follow along as the speaker demonstrates how to dig deeper into malware campaigns and access the Barncat platform for enhanced threat intelligence. Gain valuable knowledge on leveraging MISP for more effective malware analysis and threat detection.

Syllabus

Barncat: Using MISP for Bulk Surveillance of Malware
Introduction • Manager of Threat Systems with Fidelis Cybersecurity
Malware Config Ripping • Dynamic analysis is good, but the binary may not run correctly and it is resource intensive
Your Starter Kit
What can you do with malware configs? • Sinkholing for victim notification is a possibility
Sample DarkComet Data
Example Config
What can you do with this?
Digging deeper
Dark Comet Campaign
Barncat Access


Taught by

Cooper
