Posts

  • Microsoft Teams Logs for Activity

    Occasionally, my office is tasked with validating users' at-computer activity, or lack thereof, in response to a security incident, manager suspicions, or possible timecard fraud. Short of having spyware installed on endpoints, we have to look to available logs to help identify when a user was or was not at their computer. In looking for options, I noted a very verbose set of events in the Microsoft Teams logs that can help us in these taskings.

  • Building a Malware Analysis Lab

    There are a wide variety of methods and tools to use in a malware analysis lab, depending on what you want to be able to do. I’d like to share how I’ve created mine and explain some of the features. My lab is used for some basic static analysis and well-rounded dynamic analysis, while leveraging the power of virtual machines (VMs). I have used this setup on my daily driver laptop, a stand-alone out-of-band laptop for work, and a dedicated VM server I have at home.

  • How I use Any.Run

    Any.Run is a relatively new online sandbox analysis application that is used to run suspicious executables or visit websites, and records system- and network-level activity. The creators of this service have provided a free version with tons of great features available. There is a subscription service to unlock even more features; however, for my purposes the free version works just fine. In this post I will share the two different ways I use this powerful tool.

  • Deeper analysis through PowerShell decoding

    Oftentimes malware analysis is considered complete when you run the badness in a sandboxed VM and gather the network IOCs observed. However, we can gain a better list of indicators by spending a little extra time on our analysis, as I hope this post will demonstrate as I walk through some simple PowerShell decoding.