We're taking you from navigating the Windows start menu to triaging Tier 1 SOC Analyst tickets, live-streaming instruction on every piece of content from the pay-what-you-can (PWYC) 400+ hour SOC100 course series over 5 months. Recordings are free; the course is a minimum of $19, suggested $29, with virtual machines and lab time provided.
Full playlist: SOC100 Full Playlist
Full course info 👉 https://www.leveleffect.com/soc100
Stream calendar 🗓️ https://docs.google.com/spreadsheets/...
Stream Details:
Class 22
Course: SOC100-2
Domain: Cryptography & Windows Triage Malware Analysis
Website: https://leveleffect.com
Discord: / discord
Twitch: / leveleffect
Newsletter & Blog: https://news.leveleffect.com/
LinkedIn: / leveleffect
Timestamps:
00:00:00 - Morning greetings: "Low Battery Sunday" chat engagement and community interactions.
00:09:59 - Agenda overview: Wrapping up cryptography, asymmetric encryption, digital certificates, and starting Windows triage.
00:10:41 - Introduction to CyberChef: A recipe-based cryptographic and encoding tool.
00:12:03 - Review of symmetric encryption from the previous session: Key takeaways and lab recap.
Cryptography Wrap-Up
00:15:06 - Demonstration: Encrypting and decrypting with OpenSSL using AES-128 ECB.
00:16:34 - Understanding symmetric encryption: One key for encryption and decryption.
00:17:43 - The role of hashing in verifying data integrity: One-way function recap.
00:19:23 - Discussion: Hashing is a one-way process; variable-length input yields fixed-length output.
00:20:51 - Encoding vs. encryption recap: Compatibility, integrity, and preventing data loss during transfer.
00:25:47 - Lab: Full encryption-to-decryption sequence and integrity validation with MD5 checksums.
00:34:40 - Transition to hashing: Irreversible transformations for verifying data consistency.
00:35:42 - "Cracked egg" analogy for hashing: Illustrating the one-way nature of the process.
00:39:54 - Verifying input integrity with hashing and MD5 sums.
00:43:13 - Base64 encoding: Compatibility for transferring encrypted data.
00:50:19 - Introduction to asymmetric encryption: Generating private and public keys.
00:51:19 - Diffie-Hellman exchange: Establishing a secure pre-master secret.
00:56:43 - Practical lab: Encrypting with the public key and decrypting with the private key.
Digital Certificates and Signatures
01:05:42 - Digital signatures: Ensuring authenticity and integrity through private key signing.
01:09:46 - Signing messages with a private key using SHA-256.
01:17:45 - Verification of digital signatures using public keys: Authenticity demonstration.
01:21:17 - Failure of verification: Demonstrating integrity loss when files are tampered with.
01:31:26 - Importance of digital certificates for verifying the origin of public keys.
01:33:11 - Generating a digital certificate: The role of X.509 format and authenticity.
01:36:58 - Exploring browser certificates: Secure website validation and chain of trust.
01:39:48 - Final cryptography recap: Public key cryptography, hashing, and certificates.
CyberChef Demonstration
01:46:02 - Introduction to CyberChef: Hands-on with encoding, decoding, and recipes.
01:51:24 - Lab activity: Encoding messages in Base64 and decoding with CyberChef.
01:57:28 - Obfuscation demonstration: Decoding multi-layered encrypted data.
02:00:58 - Threat actor techniques: Hiding malicious commands within encoded layers.
Transition to Windows Triage & Malware Analysis
02:16:52 - Expectations for the next module: Hashing, encoding, and cryptographic applications in malware analysis.
02:18:43 - Encouragement to focus on foundational concepts before exploring deeper cryptographic math.
02:21:10 - Introduction to Windows Triage: Detecting malware through process analysis and memory dumps.
02:25:30 - Setting up the lab environment: Preparing Windows VMs and analysis tools.
02:29:17 - Memory dumps explained: Identifying malicious processes and patterns.
02:33:48 - Using sysmon: Enhanced visibility into Windows system events.
02:39:15 - Lab activity: Analyzing Windows processes and spotting anomalies.
02:45:20 - Persistence mechanisms: Scheduled tasks and registry changes.
03:50:12 - Key takeaways: Importance of conceptual understanding in cryptography and Windows triage.
03:53:10 - Next session preview: Diving deeper into Windows malware analysis and incident response.
Video: "SOC100 C22 - Asymmetric, Cyberchef & Windows Triage Malware Analysis Start - What is a Process?", uploaded to the Level Effect channel on 16 January 2025.