🔴 Malware Mondays Episode 01 - Identifying Malicious Activity in Process Monitor (ProcMon) Data

  • Published: 10 Sep 2024
  • Here it is, the inaugural episode of Malware Mondays! This series will provide a malicious artifact for you to analyze on Mondays, and a follow-on live stream on Friday to review that artifact. The goal will be to learn a specific tool, technique or a combination of the two. This week's artifact can be found under the title of "MM01 - Analyzing ProcMon Data" at:
    www.thecyberye...
    This live stream will answer the analysis objectives and provide you with basic usage of ProcMon. If you're interested in seeing how I captured this data, make sure to check out this video for a "behind-the-scenes" look:
    • MM#01 - Behind the Sce...
    Cybersecurity, reverse engineering, malware analysis and ethical hacking content!
    🎓 Courses on Pluralsight 👉🏻 www.pluralsigh...
    🌶️ RUclips 👉🏻 Like, Comment & Subscribe!
    🙏🏻 Support my work 👉🏻 / joshstroschein
    🌎 Follow me 👉🏻 / jstrosch , / joshstroschein
    ⚙️ Tinker with me on Github 👉🏻 github.com/jst...
    05:03 Livestream begins
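
The episode is about identifying malicious activity in ProcMon data. As an added example that is not part of the video, its artifact or the author's material, here is a Python triage script over a ProcMon CSV export (File > Save..., CSV format, with the default columns Time of Day, Process Name, PID, Operation, Path, Result and Detail). The export embedded in the script is constructed by hand: the PIDs, paths, hostname and the 203.0.113.10 address are made up, and the rule names and the "user-writable directory" pattern are the example's own choices, not ProcMon features.

```python
"""Triage a ProcMon CSV export for common malware tells.

Added example, not the video's artifact or the author's code. ProcMon's default
CSV export columns are "Time of Day","Process Name","PID","Operation","Path",
"Result","Detail"; the sample export below is constructed by hand.
"""
import csv
import io
import re

# Constructed sample export (made-up PIDs, paths and addresses). Quotes inside a
# field are doubled, as CSV writers do.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1234567 AM","explorer.exe","1540","Process Create","C:\Users\lab\Downloads\invoice.exe","SUCCESS","PID: 4420, Command line: ""C:\Users\lab\Downloads\invoice.exe"""
"10:01:03.0000000 AM","invoice.exe","4420","CreateFile","C:\Users\lab\AppData\Local\Temp\svchost.exe","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: Create, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 0, OpenResult: Created"
"10:01:03.1000000 AM","invoice.exe","4420","WriteFile","C:\Users\lab\AppData\Local\Temp\svchost.exe","SUCCESS","Offset: 0, Length: 245760, Priority: Normal"
"10:01:03.5000000 AM","invoice.exe","4420","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Length: 90, Data: C:\Users\lab\AppData\Local\Temp\svchost.exe"
"10:01:04.0000000 AM","invoice.exe","4420","Process Create","C:\Users\lab\AppData\Local\Temp\svchost.exe","SUCCESS","PID: 4508, Command line: ""C:\Users\lab\AppData\Local\Temp\svchost.exe"""
"10:01:05.0000000 AM","svchost.exe","4508","TCP Connect","LAB-PC:49712 -> 203.0.113.10:443","SUCCESS","Length: 0, mss: 1460"
"10:01:06.0000000 AM","chrome.exe","2200","TCP Connect","LAB-PC:49713 -> 142.250.72.4:443","SUCCESS","Length: 0, mss: 1460"
"10:01:06.5000000 AM","explorer.exe","1540","RegQueryValue","HKCU\Software\Classes\Local Settings\MuiCache","SUCCESS","Type: REG_SZ, Length: 42"
'''

# Directories a standard user can write to; the example's own heuristic.
USER_WRITABLE = re.compile(r"\\(Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)|ProgramData|Windows\\Temp)\\", re.I)
RUN_KEYS = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
CHILD_PID = re.compile(r"PID: (\d+)")          # child PID in a Process Create Detail field
EXEC_EXT = (".exe", ".dll", ".scr", ".ps1", ".vbs", ".js", ".bat", ".cmd")


def parse_procmon_csv(text):
    """Parse a ProcMon CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def process_tree(events):
    """Map child PID -> (parent PID, child image path) from Process Create rows."""
    tree = {}
    for ev in events:
        if ev["Operation"] == "Process Create":
            m = CHILD_PID.search(ev["Detail"])
            if m:
                tree[int(m.group(1))] = (int(ev["PID"]), ev["Path"])
    return tree


def lineage(tree, pid):
    """Walk a PID up to the oldest ancestor the capture saw, e.g. [4508, 4420, 1540]."""
    chain = [pid]
    while chain[-1] in tree:
        chain.append(tree[chain[-1]][0])
    return chain


def triage(events):
    """Return [(rule, pid, what)] for rows matching the rules, in capture order.

    The rules correlate across rows: a process spawned from a user-writable
    directory is remembered, and later network activity from that PID is
    flagged even though its TCP Connect row alone looks like any other.
    """
    findings = []
    suspect_pids = set()
    for ev in events:
        op, path, detail, pid = ev["Operation"], ev["Path"], ev["Detail"], int(ev["PID"])
        if op == "Process Create" and USER_WRITABLE.search(path):
            m = CHILD_PID.search(detail)
            if m:
                suspect_pids.add(int(m.group(1)))
            findings.append(("exec_from_user_writable", pid, path))
        elif op == "CreateFile" and "OpenResult: Created" in detail and path.lower().endswith(EXEC_EXT):
            findings.append(("dropped_executable", pid, path))
        elif op == "RegSetValue" and RUN_KEYS.search(path):
            findings.append(("run_key_persistence", pid, f"{path} = {detail.split('Data: ', 1)[-1]}"))
        elif op in ("TCP Connect", "UDP Send") and pid in suspect_pids:
            findings.append(("network_from_suspect_process", pid, path))
    return findings


if __name__ == "__main__":
    evs = parse_procmon_csv(SAMPLE_CSV)
    for rule, pid, what in triage(evs):
        print(f"{rule:30} pid={pid:<6} {what}")
    print("lineage of 4508:", " <- ".join(map(str, lineage(process_tree(evs), 4508))))
```

Run it as a script to print the five findings and the invoice.exe -> svchost.exe lineage; for a real capture, read the exported file into parse_procmon_csv instead of SAMPLE_CSV. The exec-from-user-writable rule also fires on legitimate installers launched from Downloads, so treat the output as triage leads rather than verdicts; what separates the dropped binary's TCP Connect from the browser's is the PID correlation in triage, not the network row itself.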

Comments • 29

  • @tar.gzip.malware 5 months ago +3

    Thanks for sharing this, you are a fantastic teacher! Looking forward to more content 🦾

    • @jstrosch 5 months ago

      Thank you so much for the kind words and the support through the super thanks! This is my first one and really means a lot :) If there is anything else I can do, don't hesitate to reach out.

  • @tar.gzip.malware 5 months ago +4

    Thanks for sharing, your effort is very appreciated!

    • @jstrosch 5 months ago +1

      You're very welcome, glad to hear you enjoyed it!

  • @manjunathdeewatagi7728 1 month ago +1

    Great explanation, Sir. Thanks for the knowledge sharing 👍

    • @jstrosch 1 month ago

      My pleasure 🙏

  • @PygArguss 5 months ago +2

    +1 for the liquid dnb at the beginning

    • @jstrosch 5 months ago +1

      Thanks! I have no real system to picking the music other than I think it sounds good :)

  • @Hartley94 5 months ago +3

    Thanks for another insight ❤.

    • @jstrosch 5 months ago +1

      You are so welcome

  • @bluebadgersec 4 months ago +1

    Awesome! Please, please continue the series!

    • @jstrosch 2 months ago +1

      Episode 4 is tomorrow :) Thanks for the feedback!

  • @cyber_chrisp 5 months ago +2

    Great work!

  • @Cochise85 3 months ago

    Great stuff 👍

  • @md.mahimbinfirojavi9676 3 months ago +1

    Wonderful content. Thanks, your explanations are very easy to understand. Keep it up please :)

    • @jstrosch 2 months ago

      Thanks, will do!

  • @johnnywilliams2641 5 months ago +3

    awesome

    • @jstrosch 5 months ago +1

      Thank you :)

  • @Manavetri 4 months ago +1

    Brilliant content !!

    • @jstrosch 4 months ago

      Thank you :)

  • @user-wf3to8uw1m 3 months ago +1

    Great content, but it is difficult to follow without knowing the password to unzip the pcap. What is the password to unzip the pcap?

    • @jstrosch 2 months ago

      It's posted on the website where you download it - thecyberyeti

  • @ghibbster 5 months ago +2

    is there any way to spot process injection in procmon logs? @jstrosch

    • @jstrosch 5 months ago +2

      Not that I'm aware of with ProcMon. I've looked/asked around a bit and nothing has come up. If you do find something please let me know, I'd be happy to make a video out of it!

    • @ghibbster 5 months ago +2

      @jstrosch Never mind, I extensively looked for an answer in the past without any success ... probably there is no means at all.
      Edit: Thanks btw

    • @jstrosch 5 months ago +1

      @ghibbster Good to know we're at least finding the same lack of results... thanks for the update!

  • @user-ik5fk6qn4z 5 months ago +1

    In the command line for Conhost.exe (3804) what does the parameter "0xffffffff -ForceV1" signify?

    • @jstrosch 5 months ago

      Here's a great answer on LinkedIn from a colleague - www.linkedin.com/posts/ryanjchapman_dfir-blueteam-cybersecurity-activity-7057458353047801857-_BVK/. This should answer your question!