
Malware Analysis: Malicious Activity Detection


Josh Stroschein

1:47:20

  • 1. Course Overview.mp4
    01:14
  • 1. Course Introduction.mp4
    03:20
  • 2. Pillars of Detection.mp4
    02:55
  • 3. Getting Started with Yara.mp4
    08:37
  • 4. Demo Detecting Malware with Strings.mp4
    09:16
  • 5. Demo A Primer on .NET Binaries.mp4
    03:53
  • 6. Demo Detecting Malware from Code.mp4
    09:40
  • 7. Demo Validating Yara Rules.mp4
    04:48
  • 1. Network (Security) Monitoring.mp4
    03:14
  • 2. Network Alerts with Suricata.mp4
    06:03
  • 3. Matching Content.mp4
    05:59
  • 4. Demo Creating Custom Suricata Rules.mp4
    09:13
  • 5. Demo Expanding Basic Detections.mp4
    07:52
  • 6. Demo Detecting TLS Traffic.mp4
    07:40
  • 1. Working with Sigma.mp4
    03:21
  • 2. Sigma Basics.mp4
    04:10
  • 3. Demo Detecting Initial Access Activity.mp4
    07:31
  • 4. Demo Rules for Persistence.mp4
    03:24
  • 5. Demo Finding Ransomware Activity.mp4
    03:31
  • 6. Course Wrap-up.mp4
    01:39
    Description


    Threat actors are constantly changing their tactics and evolving their tools. This course will teach you how to create custom detections to detect and prevent emerging threats in your organization.

    What You'll Learn?


      Threat actors are constantly evolving their tactics, tools, and evasion techniques. In this course, Malware Analysis: Malicious Activity Detection, you’ll learn the skills necessary to use this information to create custom detections with Yara, Suricata, and Sigma. First, you’ll explore the use of Yara to detect malicious files. Yara enables you to stay on the cutting edge of detecting the newest file-based threats. Next, you’ll get hands-on with Suricata, creating custom rules that alert on malicious or suspicious network traffic. As most malware will need to communicate outside of your network, monitoring the network can provide valuable insight for catching malicious activity. Finally, you’ll dive into Sigma to create detections from endpoint log files. This will allow you to identify malicious activity based on behavioral data from your endpoints. When you’re finished with this course, you’ll have the skills and knowledge necessary to create custom detections to defend your users and your organization.

    More details


    User Reviews: average rating 0 (0 votes)
    Josh Stroschein
    Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer at Google (Chronicle), where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at venues such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private events. Josh is also an author on Pluralsight, where he publishes content around malware analysis, reverse engineering, and other security-related topics.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 20
    • Duration: 1:47:20
    • Level: average
    • Release Date: 2024/04/20