Crowdsourced Malware Triage! (2 hours) presented at HackLu 2015

by Sergei Frankoff, Sean Wilson

Summary: Malware triage is an important function in any mature incident response program: the process of quickly analyzing potentially malicious files or URLs to determine whether your organization has exposure. But what if you don't have an incident response program? What if you are just setting one up? What if you don't have the tools you need to perform your analysis? With the current offering of free online tools and the right mindset, a web browser and a notepad may be all you need.
In this workshop you will work through the triage of a live Exploit Kit using only free online tools. We will provide an introduction and demo of each tool and support you as you perform your analysis.
This workshop is aimed at junior incident responders, hobby malware analysts, and general security or IT practitioners who are interested in learning more about the malware triage process. If you have no experience with malware analysis but you are a strong developer and understand web technologies such as JavaScript and Flash, you should have no problem completing the workshop.
In order to participate in this workshop you will need the following:
- Laptop with a modern web browser and a text editor.
- For the text editor, Notepad.exe will work, but you will have more fun if it has syntax highlighting. Try Notepad++ or SublimeText.
- Good Internet connection!