aljaz/securedorg.github.io
1
0
Fork 0
mirror of https://github.com/aljazceru/securedorg.github.io.git synced 2025-12-21 07:54:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

adding lab

Browse Source
This commit is contained in:
Amanda Rousseau
2017-03-21 16:57:36 -07:00
parent b746acc054
commit 2077c7216b
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
triage.md
View File

@@ -70,4 +70,16 @@ You will want to capture this information throughout your investigation either t
You can use the **Malware Analysis Report** template [HERE](https://securedorg.github.io/ReportForm.html)
## LAB 1
1. Run the Victim VM
2. Copy over the unknown file
3. Check the file header by opening the file in the hex editor **HxD**
* Notice the first 1 byte is **MZ** meaning it's a PE Binary
4. Now right click the file and select **CFF explorer** to check the PE header
* Note the imports it's using
5. Calculate the hash using **quickhash**, go to virustotal.com and search the hash
6. Open the file in **BinText** and record any interesting strings
[Section 3 <- Back](https://securedorg.github.io/RE101/section3) | [Next -> Section 5](https://securedorg.github.io/RE101/section5)