🔴 Malware Mondays Episode 01 - Identifying Malicious Activity in Process Monitor (ProcMon) Data
- Published: 20 Sep 2024
- Here it is, the inaugural episode of Malware Mondays! This series will provide a malicious artifact for you to analyze on Mondays, and a follow-on live stream on Friday to review that artifact. The goal will be to learn a specific tool, technique or a combination of the two. This week's artifact can be found under the title of "MM01 - Analyzing ProcMon Data" at:
www.thecyberye...
This live stream will answer the analysis objectives and provide you with basic usage of ProcMon. If you're interested in seeing how I captured this data, make sure to check out this video for a "behind-the-scenes" look:
• MM#01 - Behind the Sce...
Cybersecurity, reverse engineering, malware analysis and ethical hacking content!
🎓 Courses on Pluralsight 👉🏻 www.pluralsigh...
🌶️ RUclips 👉🏻 Like, Comment & Subscribe!
🙏🏻 Support my work 👉🏻 / joshstroschein
🌎 Follow me 👉🏻 / jstrosch , / joshstroschein
⚙️ Tinker with me on Github 👉🏻 github.com/jst...
05:03 Livestream begins
Thanks for sharing this, you are a fantastic teacher! Looking forward to more content 🦾
Thank you so much for the kind words and the support through the super thanks! This is my first one and really means a lot :) If there is anything else I can do, don't hesitate to reach out.
Thanks for sharing, your effort is very appreciated!
You're very welcome, glad to hear you enjoyed it!
Thanks for another insight ❤.
You are so welcome
Awesome! Please, please continue the series!
Episode 4 is tomorrow :) Thanks for the feedback!
+1 for the liquid dnb at the beginning
Thanks! I have no real system to picking the music other than I think it sounds good :)
Great work!
Thanks!
Wonderful content. Thanks, your explanations are very easy to understand. Keep it up please :)
Thanks, will do!
awesome
Thank you :)
Great explanation, Sir. Thanks for the knowledge sharing 👍
My pleasure 🙏
Brilliant content !!
Thank you :)
Great stuff 👍
Thank you :)
Great content, but it is difficult to follow without knowing the password to unzip the pcap. What is the password to unzip the pcap?
It's posted on the website where you download it - thecyberyeti
is there any way to spot process injection in procmon logs? @jstrosch
Not that I'm aware of with ProcMon. I've looked/asked around a bit and nothing has come up. If you do find something please let me know, I'd be happy to make a video out of it!
@jstrosch never mind, I extensively looked for an answer in my past without any success ... probably there is no means at all.
Edit: Thanks btw
@ghibbster Good to know we're at least finding the same lack of results... thanks for the update!
In the command line for Conhost.exe (3804) what does the parameter "0xffffffff -ForceV1" signify?
Here's a great answer on LinkedIn from a colleague - www.linkedin.com/posts/ryanjchapman_dfir-blueteam-cybersecurity-activity-7057458353047801857-_BVK/. This should answer your question!