YoVDO

Barncat - Using MISP for Bulk Surveillance of Malware

Offered By: Cooper via YouTube

Tags

Hack.lu Courses Cybersecurity Courses Malware Analysis Courses Threat Intelligence Courses MISP Courses

Course Description

Overview

Learn about using MISP (Malware Information Sharing Platform) for bulk surveillance of malware in this conference talk from the MISP Summit 2017. Explore the benefits of malware config ripping as an alternative to resource-intensive dynamic analysis. Discover the tools needed to get started and understand the potential applications of malware configurations, including sinkholing for victim notification. Examine sample data from DarkComet malware and analyze example configurations to gain deeper insights. Follow along as the speaker demonstrates how to dig deeper into malware campaigns and access the Barncat platform for enhanced threat intelligence. Gain valuable knowledge on leveraging MISP for more effective malware analysis and threat detection.

Syllabus

Barncat: Using MISP for Bulk Surveillance of Malware
Introduction • Manager of Threat Systems with Fidelis Cybersecurity
Malware Config Ripping - Dynamic analysis is good, but bin may not run correctly and is resource intensive
Your Starter Kit
What can you do with malware configs? • Sinkholing for victim notification is a possibility
Sample DarkComet Data
Example Config
What can you do with this?
Digging deeper
Dark Comet Campaign
Barncat Access


Taught by

Cooper

Related Courses

Proactive Computer Security
University of Colorado System via Coursera
Security in Office 365
Microsoft via edX
Threat Detection: Planning for a Secure Enterprise
Microsoft via edX
Cyber Threat Intelligence
IBM via Coursera
Security Analyst Fundamentals
IBM via Coursera