Today, we delved into the fundamentals of malware analysis. We began by exploring various types of malware, including:
- Ransomware
- Viruses
- Worms
- Trojans
- Rootkits
- Adware
We then transitioned to practical analysis using VirusTotal, a powerful tool for examining files, URLs, IP addresses, and hashes. By uploading a file or entering a hash, VirusTotal aggregates results from multiple antivirus engines to assess potential threats.
In our exercise, we were provided with an MD5 hash to investigate. Our objectives included identifying:
- The file size
- The name of the malicious file
- The malware category
- Registry keys utilized by the malware
Building upon our initial analysis, we tackled a more complex challenge. This involved:
- Identifying the malware family
- Reviewing detections by various security vendors
- Determining the Process ID (PID) of the initial process spawned by the malware
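The two VirusTotal exercises above (file size, name and category from a hash; then malware family and per-vendor detections) can be answered from a single VirusTotal v3 file report. The script below is an added example, not part of the original post: it pulls the fields that answer those questions out of a report and lists which engines flagged the sample. The field names (`size`, `meaningful_name`, `last_analysis_stats`, `last_analysis_results`, `popular_threat_classification.suggested_threat_label`) are those of the public v3 API as I know them; the embedded report, its hash, file name and vendor verdicts are constructed so the triage runs offline, and `fetch_report` is the optional live lookup that needs a network connection and an API key. The PID question from the second exercise comes from the behaviour (sandbox) tab, which this file-report summary does not cover.

```python
"""Summarise a VirusTotal v3 file report for hash-based triage (added example)."""
import json
import urllib.request

# Constructed sample in the shape of GET /api/v3/files/{hash}, trimmed to the
# fields used here. Hash, name, label and vendor verdicts are all made up.
SAMPLE_REPORT = json.loads("""
{
  "data": {
    "id": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
    "attributes": {
      "size": 73728,
      "meaningful_name": "invoice_scan.exe",
      "type_description": "Win32 EXE",
      "popular_threat_classification": {
        "suggested_threat_label": "trojan.placeholder/examplefam"
      },
      "last_analysis_stats": {"malicious": 3, "suspicious": 0, "undetected": 2, "harmless": 0},
      "last_analysis_results": {
        "VendorA": {"category": "malicious",  "result": "Trojan.Placeholder.A"},
        "VendorB": {"category": "malicious",  "result": "Trojan/Placeholder.gen"},
        "VendorC": {"category": "undetected", "result": null},
        "VendorD": {"category": "malicious",  "result": "Win32:Placeholder-B"},
        "VendorE": {"category": "undetected", "result": null}
      }
    }
  }
}
""")


def fetch_report(file_hash, api_key):
    """Live lookup: the /files/{id} endpoint accepts an MD5, SHA-1 or SHA-256."""
    req = urllib.request.Request(
        f"https://www.virustotal.com/api/v3/files/{file_hash}",
        headers={"x-apikey": api_key, "accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def summarize_report(report):
    """Extract the exercise's answers and the set of engines that flagged the file."""
    attrs = report["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    results = attrs.get("last_analysis_results", {})
    # Keep only engines that returned a malicious or suspicious verdict.
    flagged = {
        engine: r.get("result")
        for engine, r in results.items()
        if r.get("category") in ("malicious", "suspicious")
    }
    return {
        "sha256": report["data"]["id"],
        "size_bytes": attrs.get("size"),
        "name": attrs.get("meaningful_name"),
        "file_type": attrs.get("type_description"),
        # VirusTotal's aggregated family label, if enough engines agree.
        "threat_label": attrs.get("popular_threat_classification", {}).get("suggested_threat_label"),
        "malicious": stats.get("malicious", 0),
        "engines_total": sum(stats.values()),
        "flagged_by": flagged,
    }


def format_summary(summary):
    """Render the summary as the handful of lines an analyst writes into a ticket."""
    lines = [
        f"SHA-256      : {summary['sha256']}",
        f"Name         : {summary['name']}",
        f"Type / size  : {summary['file_type']} / {summary['size_bytes']} bytes",
        f"Threat label : {summary['threat_label'] or 'none suggested'}",
        f"Detections   : {summary['malicious']}/{summary['engines_total']} engines",
    ]
    if summary["flagged_by"]:
        lines += [f"  {engine}: {verdict}" for engine, verdict in sorted(summary["flagged_by"].items())]
    else:
        lines.append("  no engine flagged this file")
    return "\n".join(lines)


if __name__ == "__main__":
    # Offline run on the constructed report; swap in fetch_report(hash, key) for a live lookup.
    print(format_summary(summarize_report(SAMPLE_REPORT)))
```

A low detection count is a prompt to look at the behaviour tab and the file's context rather than a clean bill of health, since engines lag on fresh samples; the summary is a starting point for the investigation, not a verdict.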
Our final lab introduced us to Wazuh, an open-source security monitoring platform that serves as both an EDR and SIEM solution. Wazuh enables real-time threat detection, integrity monitoring, and incident response across various environments.
What I learned:
- Understanding the architecture of Wazuh, comprising a central manager and distributed agents
- Deploying and managing agents on endpoints to collect security data
- Analyzing logs from Windows and Linux systems to detect anomalies
- Utilizing Wazuh’s rule sets and decoders to generate meaningful alerts
- Interacting with Wazuh’s API for automation and extended functionality
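The manager-plus-agents architecture and the API interaction from the list above are easiest to see in a small automation task: authenticate to the manager's REST API, pull the agent inventory, and report any endpoint that has stopped checking in. The script below is an added example, not the course's or the Wazuh project's code. It uses the Wazuh API endpoints as I know them (`POST /security/user/authenticate` with HTTP Basic credentials returning a JWT, then `GET /agents` with a Bearer token on port 55000); the host, credentials and the embedded agent list are placeholders and constructed data so the check itself runs offline.

```python
"""List Wazuh agents that are not actively reporting (added example)."""
import base64
import json
import ssl
import urllib.request

WAZUH_API = "https://wazuh-manager.example:55000"  # placeholder manager address

# Constructed response in the shape of GET /agents; names and IPs are made up.
SAMPLE_AGENTS = json.loads("""
{
  "data": {
    "affected_items": [
      {"id": "000", "name": "wazuh-manager", "ip": "127.0.0.1",   "status": "active",          "os": {"platform": "ubuntu"}},
      {"id": "001", "name": "win-fileserver", "ip": "10.0.0.21", "status": "active",          "os": {"platform": "windows"}},
      {"id": "002", "name": "lnx-web01",      "ip": "10.0.0.31", "status": "disconnected",    "os": {"platform": "centos"}},
      {"id": "003", "name": "win-hr-laptop",  "ip": "10.0.0.45", "status": "never_connected", "os": {"platform": "windows"}}
    ],
    "total_affected_items": 4
  },
  "error": 0
}
""")


def _ssl_context(ca_bundle):
    # Wazuh ships a self-signed API certificate; trust it explicitly via its CA
    # bundle rather than disabling verification.
    return ssl.create_default_context(cafile=ca_bundle) if ca_bundle else None


def get_token(base_url, user, password, ca_bundle=None):
    """Exchange Basic credentials for the short-lived JWT the API expects."""
    creds = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"{base_url}/security/user/authenticate",
        method="POST",
        headers={"Authorization": f"Basic {creds}"},
    )
    with urllib.request.urlopen(req, timeout=30, context=_ssl_context(ca_bundle)) as resp:
        return json.load(resp)["data"]["token"]


def list_agents(base_url, token, ca_bundle=None):
    """Fetch the agent inventory with the Bearer token from get_token()."""
    req = urllib.request.Request(
        f"{base_url}/agents?limit=500",
        headers={"Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req, timeout=30, context=_ssl_context(ca_bundle)) as resp:
        return json.load(resp)


def agents_needing_attention(agents_response):
    """Return (id, name, status) for every real agent that is not 'active'.

    Agent 000 is the manager's own record and is skipped.
    """
    items = agents_response["data"]["affected_items"]
    return sorted(
        (a["id"], a["name"], a["status"])
        for a in items
        if a["id"] != "000" and a.get("status") != "active"
    )


if __name__ == "__main__":
    # Offline run on the constructed inventory. For a live run:
    #   token = get_token(WAZUH_API, "wazuh-wui", "<password>", ca_bundle="/path/to/ca.pem")
    #   inventory = list_agents(WAZUH_API, token, ca_bundle="/path/to/ca.pem")
    for agent_id, name, status in agents_needing_attention(SAMPLE_AGENTS):
        print(f"agent {agent_id} ({name}): {status}")
```

A `disconnected` agent is a monitoring gap as well as an operational fault: nothing it logs reaches the manager's rules and decoders while it is down, so this kind of check belongs in a scheduled job alongside the alerting itself.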
As of now, I’m almost finished with the Cybersecurity path 101, and I’m super excited to get into the Penetration testing path!
