Detecting Suspicious API Usage with YARA Rules, (Fri, Apr 7th)
Malware Analysis, News and Indicators - Latest topics malware.news
YARA[1] is a beautiful tool for malware researchers and incident responders. No need to present it again; it has become a standard tool to add to your arsenal. While teaching FOR610 (Malware Analysis & Reverse Engineering), a student asked me how to detect specific API calls with dangerous parameters during the triage phase. This phase helps you quickly assess the malware sample and decide how to perform the following steps.
Article Link: https://isc.sans.edu/diary/rss/29724