


As you know, modern malware and APTs are winning the match against the antivirus manufacturers. There are also many zero-day attacks being used to infect millions of computers just by visiting a website. We could say that we live in an era where signature-based antivirus makes less sense if we want to fight against attackers who create customized malware only for their targets. These zero-day attacks take advantage of unknown vulnerabilities, for example in the Adobe or Flash Player plugins installed in the web browser, to download and install malware that has not been recognized yet. Most of this malware also connects to Command and Control servers to get its instructions from the attackers. Sometimes it is easier to detect infected hosts by looking at their behaviour on our network, analysing the network traffic, than with an antivirus running on the host. For this reason, there are newer technologies such as sandboxes, where you can run suspicious files in order to study their behaviour. For example, the Cuckoo or Anubis sandboxes run the malware in a secure environment and produce a network traffic capture that helps us achieve this goal of fighting the malware.

Topics covered:

- Get familiarized with the Internet protocols and modern malware.
- Get familiarized with the network devices.
- Sites in your network where you can get traffic captures.
- Useful tools to aid in getting and analysing traffic captures.
- How to use VirusTotal and Wireshark in a real incident.
- How to detect attacks, and more details, from a pcap file with an IDS.
- How to get information about how malware works.
- How to detect exploits and malware during incident handling.
- How to create a map report of the connections established in the captured data.
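The passage makes two points that a capture analyst acts on: infected hosts reveal themselves by how they talk on the network, and a map of the connections established in a pcap is the starting point for spotting them. The following added example (written for this page, not code from the original article or from Cuckoo, Anubis or Wireshark) builds a small constructed pcap in memory with standard-library Python only, parses it back, produces a per-host connection map, and flags hosts whose connection attempts to one destination recur at a near-constant interval, which is the simplest form of Command and Control beaconing. The addresses, timestamps and the 60-second interval are constructed sample data; the parser assumes a little-endian, microsecond-resolution pcap with Ethernet framing and only handles IPv4/TCP.

```python
import socket
import statistics
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4      # little-endian, microsecond timestamps
LINKTYPE_ETHERNET = 1
SYN, ACK = 0x02, 0x10        # TCP flag bits we care about


def _ipv4_tcp_frame(src_ip, dst_ip, sport, dport, flags):
    """Build a minimal Ethernet/IPv4/TCP frame (zeroed MACs, no checksums, no payload)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def _pcap_record(ts, frame):
    sec = int(ts)
    usec = int(round((ts - sec) * 1e6))
    return struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame


def build_sample_pcap():
    """Constructed capture: one host beacons every 60 s, another browses irregularly."""
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = []
    for i in range(5):  # 10.0.0.5 -> 203.0.113.7:443, one SYN per minute
        records.append(_pcap_record(1700000000 + 60 * i,
                                    _ipv4_tcp_frame("10.0.0.5", "203.0.113.7", 40000 + i, 443, SYN)))
    # the server's SYN/ACK reply is not a new connection attempt and must be ignored
    records.append(_pcap_record(1700000000.01,
                                _ipv4_tcp_frame("203.0.113.7", "10.0.0.5", 443, 40000, SYN | ACK)))
    # ordinary browsing from 10.0.0.8: different destinations, no regular interval
    records.append(_pcap_record(1700000007, _ipv4_tcp_frame("10.0.0.8", "198.51.100.2", 51000, 80, SYN)))
    records.append(_pcap_record(1700000101, _ipv4_tcp_frame("10.0.0.8", "198.51.100.9", 51001, 443, SYN)))
    return hdr + b"".join(records)


def parse_pcap(data):
    """Return one dict per IPv4/TCP packet: timestamp, endpoints, ports and TCP flags."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("only little-endian microsecond pcap is handled here")
    linktype, = struct.unpack_from("<I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled here")
    packets, off = [], 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # not IPv4
        ihl = (frame[14] & 0x0F) * 4      # IP header length in bytes
        if frame[23] != 6 or len(frame) < 14 + ihl + 20:
            continue                      # not TCP (or truncated)
        tcp = frame[14 + ihl:]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        packets.append({"ts": sec + usec / 1e6,
                        "src": socket.inet_ntoa(frame[26:30]),
                        "dst": socket.inet_ntoa(frame[30:34]),
                        "sport": sport, "dport": dport, "flags": tcp[13]})
    return packets


def connection_map(packets):
    """Map each source host to the (destination, port) pairs it tried to open (SYN without ACK)."""
    cmap = defaultdict(lambda: defaultdict(list))
    for p in packets:
        if p["flags"] & SYN and not p["flags"] & ACK:
            cmap[p["src"]][(p["dst"], p["dport"])].append(p["ts"])
    return cmap


def find_beacons(cmap, min_count=3, max_jitter=2.0):
    """Flag (src, dst, port, interval) where repeated attempts are spaced almost evenly."""
    hits = []
    for src, dests in cmap.items():
        for (dst, dport), times in dests.items():
            if len(times) < min_count:
                continue
            times = sorted(times)
            gaps = [b - a for a, b in zip(times, times[1:])]
            if statistics.pstdev(gaps) <= max_jitter:
                hits.append((src, dst, dport, round(statistics.mean(gaps), 1)))
    return hits


if __name__ == "__main__":
    cmap = connection_map(parse_pcap(build_sample_pcap()))
    for src, dests in sorted(cmap.items()):          # the connection map report
        for (dst, dport), times in sorted(dests.items()):
            print(f"{src} -> {dst}:{dport}  attempts={len(times)}")
    for src, dst, dport, interval in find_beacons(cmap):
        print(f"possible beacon: {src} -> {dst}:{dport} every {interval}s")
```

On a real capture you would replace `build_sample_pcap()` with the bytes of a file recorded on a mirror port or exported by the sandbox, and widen `max_jitter`, since real beacons add random sleep; the same SYN-only filter is what keeps server replies and retransmissions out of the map so that the per-host view stays readable.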
