Erinevus lehekülje "Malware:ITX8042:2015:LAB3" redaktsioonide vahel

Allikas: Kursused
Mine navigeerimisribale Mine otsikasti
(Uus lehekülg: '== LAB3 == ===Additional Reading + presentations!=== [ Slides for lab] === Exercise specifics are in slides === === Things to consider in exercise === *Find sha256 and md5...')
 
 
(ei näidata sama kasutaja üht vahepealset redaktsiooni)
3. rida: 3. rida:
 
===Additional Reading + presentations!===
 
===Additional Reading + presentations!===
  
[ Slides for lab]
+
[https://docs.google.com/presentation/d/1iJOwNmHqzjjxd5b5EJkvvhfyYXtGCi92LKZ5U6qIUGY/edit?usp=sharing  Slides for lab]
  
 
=== Exercise specifics  are in slides  ===
 
=== Exercise specifics  are in slides  ===
 +
 +
*"infected"
  
 
=== Things to consider in exercise ===
 
=== Things to consider in exercise ===
17. rida: 19. rida:
 
   https://www.metascan-online.com/
 
   https://www.metascan-online.com/
 
   https://malwr.com/
 
   https://malwr.com/
 +
  https://sandbox.pikker.ee/
 +
  
 
*Find at least 2 additional places for quick and dirty analysis
 
*Find at least 2 additional places for quick and dirty analysis
24. rida: 28. rida:
 
=== Things to present in report  ===
 
=== Things to present in report  ===
  
 +
*provide hass for downloaded file
 
*Describe where and how you found additional files/malware
 
*Describe where and how you found additional files/malware
 
*Provide hashes for each file  
 
*Provide hashes for each file  

Viimane redaktsioon: 17. september 2015, kell 21:24

LAB3

Additional Reading + presentations!

Slides for lab

Exercise specifics are in slides

  • "infected"

Things to consider in exercise

  • Find sha256 and md5
  • Search for it in the Virus Total
  • Strings analysis
  • Use two out of three for quick and dirty
  https://www.virustotal.com/
  https://www.metascan-online.com/
  https://malwr.com/
  https://sandbox.pikker.ee/ 


  • Find at least 2 additional places for quick and dirty analysis
  • Compare results


Things to present in report

  • provide hass for downloaded file
  • Describe where and how you found additional files/malware
  • Provide hashes for each file
  • Provide most common name for each file (Most of the files have multiple names)
  • List strings (from the strings command) that sound meaningful to you with reasons as to why
  • Provide links to the quick and dirty analysis
  • Document interesting features that you learned
  • Quick solution on how to fix without having anti-virus or reinstalling the system.