SOC100 C22 - Asymmetric, Cyberchef & Windows Triage Malware Analysis Start - What is a Process?

Published: 16 January 2025
on channel: Level Effect

We're taking you from navigating the Windows start menu to triaging Tier 1 SOC Analyst tickets, live-streaming instruction of every piece of content from the pay-what-you-can (PWYC) 400+ hour SOC100 course series over 5 months. Recordings are free; the course is a minimum of $19 (suggested $29) and includes the virtual machines and lab time.

Full playlist: SOC100 Full Playlist

Full course info 👉 https://www.leveleffect.com/soc100
Stream calendar 🗓️ https://docs.google.com/spreadsheets/...

Stream Details:
Class 22
Course: SOC100-2
Domain: Cryptography & Windows Triage Malware Analysis

Website: https://leveleffect.com
Discord: /discord
Twitch: /leveleffect
Newsletter & Blog: https://news.leveleffect.com/
LinkedIn: /leveleffect

Timestamps:
00:00:00 - Morning greetings: "Low Battery Sunday" chat engagement and community interactions.
00:09:59 - Agenda overview: Wrapping up cryptography, asymmetric encryption, digital certificates, and starting Windows triage.
00:10:41 - Introduction to CyberChef: A recipe-based cryptographic and encoding tool.
00:12:03 - Review of symmetric encryption from the previous session: Key takeaways and lab recap.

Cryptography Wrap-Up
00:15:06 - Demonstration: Encrypting and decrypting with OpenSSL using AES-128 ECB.
00:16:34 - Understanding symmetric encryption: One key for encryption and decryption.
00:17:43 - The role of hashing in verifying data integrity: One-way function recap.
00:19:23 - Discussion: Hashing is a one-way process; variable-length input yields fixed-length output.
00:20:51 - Encoding vs. encryption recap: Compatibility, integrity, and preventing data loss during transfer.
00:25:47 - Lab: Full encryption-to-decryption sequence and integrity validation with MD5 checksums.
00:34:40 - Transition to hashing: Irreversible transformations for verifying data consistency.
00:35:42 - "Cracked egg" analogy for hashing: Illustrating the one-way nature of the process.
00:39:54 - Verifying input integrity with hashing and MD5 sums.
00:43:13 - Base64 encoding: Compatibility for transferring encrypted data.
00:50:19 - Introduction to asymmetric encryption: Generating private and public keys.
00:51:19 - Diffie-Hellman exchange: Establishing a secure pre-master secret.
00:56:43 - Practical lab: Encrypting with the public key and decrypting with the private key.

Digital Certificates and Signatures
01:05:42 - Digital signatures: Ensuring authenticity and integrity through private key signing.
01:09:46 - Signing messages with a private key using SHA-256.
01:17:45 - Verification of digital signatures using public keys: Authenticity demonstration.
01:21:17 - Failure of verification: Demonstrating integrity loss when files are tampered with.
01:31:26 - Importance of digital certificates for verifying the origin of public keys.
01:33:11 - Generating a digital certificate: The role of X.509 format and authenticity.
01:36:58 - Exploring browser certificates: Secure website validation and chain of trust.
01:39:48 - Final cryptography recap: Public key cryptography, hashing, and certificates.

CyberChef Demonstration
01:46:02 - Introduction to CyberChef: Hands-on with encoding, decoding, and recipes.
01:51:24 - Lab activity: Encoding messages in Base64 and decoding with CyberChef.
01:57:28 - Obfuscation demonstration: Decoding multi-layered encrypted data.
02:00:58 - Threat actor techniques: Hiding malicious commands within encoded layers.

Transition to Windows Triage & Malware Analysis
02:16:52 - Expectations for the next module: Hashing, encoding, and cryptographic applications in malware analysis.
02:18:43 - Encouragement to focus on foundational concepts before exploring deeper cryptographic math.
02:21:10 - Introduction to Windows Triage: Detecting malware through process analysis and memory dumps.
02:25:30 - Setting up the lab environment: Preparing Windows VMs and analysis tools.
02:29:17 - Memory dumps explained: Identifying malicious processes and patterns.
02:33:48 - Using Sysmon: Enhanced visibility into Windows system events.
02:39:15 - Lab activity: Analyzing Windows processes and spotting anomalies.
02:45:20 - Persistence mechanisms: Scheduled tasks and registry changes.
03:50:12 - Key takeaways: Importance of conceptual understanding in cryptography and Windows triage.
03:53:10 - Next session preview: Diving deeper into Windows malware analysis and incident response.


Watch the video SOC100 C22 - Asymmetric, Cyberchef & Windows Triage Malware Analysis Start - What is a Process? online, duration hours minutes seconds, in good quality, uploaded to the Level Effect channel on 16 January 2025. This video clip was viewed 107 times and liked by 3 visitors.