Malware Analysis Tools
Here are some free tools for analyzing malware.
1. Process Hacker - observes running processes
2. Process Monitor - records local system interactions
3. ProcDOT - cleans up and visualizes Process Monitor data
4. Wireshark - records network activity
5. Magnet RAM Capture - creates memory dumps
6. IDA Pro - a code analysis tool useful in reverse engineering malware
7. What's Running - a scanning tool that shows currently active programs, processes, services, modules and network connections
8. Directory Monitor - a tool for monitoring directories and/or network shares that notifies you in real time of file changes, access, deletions, modifications and new files
9. RegScanner - a tool that lets you scan the registry
10. Capsa Network Analyzer - records network activity
11. Virtual lab - an environment for setting up malware analysis with the tools needed
12. Mandiant Redline - analyzes malicious activity through memory and file analysis and the development of a threat assessment profile
13. Volatility - a memory forensics framework for malware analysis. With this tool you can extract information from running processes, network sockets, network connections, DLLs and registry hives.
14. REMnux - a Linux distro with tools for malware analysis

More from @kcsfa

Dec 19, 2022
A Security Operations Centre is an organizational framework for security. It combines many components of a robust security environment, including people, processes, and tools that can detect, respond, and analyze security threats.
SOCs run 24 hours a day, seven days a week, with security analysts interacting with environmental data to watch for emerging threats and respond as required.
Along with the technology components, a SOC leverages several levels of cybersecurity analysts.
They are broken up into tiers and manage different tasks based on their experience.
Tier 1 (Triager): An entry-level position that works on the front lines of the SOC, typically triaging and prioritizing the hundreds of alerts that get set.
Feb 4, 2022
In today's post, we will look at the benefits of having a strong threat intelligence infrastructure in any organization:
1. Threat analysis - You will be able to learn the patterns that attackers use to compromise your system(s). This will greatly aid in countering them properly
2. Security operations - You will be able to set up and correctly configure various security systems after learning about the scope of items in the threat intelligence research materials you have gathered.
3. Vulnerability management - You can decide to handle the risks that come along with various vulnerabilities via various strategies such as handling, transferring or handling the risks obtained.
Feb 4, 2022
Here are some open-source tools for cyber threat intelligence that you can utilize:
1. SIEM (security information and event management) for network monitoring needs. A SIEM (like Wazuh, AlienVault, Zeek, etc.) is a tool for monitoring network traffic and log files in real time and allowing response to incoming threats.
2. HoneyDB provides real-time data on honeypot activity. This data comes from honeypots deployed on the Internet using the HoneyPy honeypot. In addition, HoneyDB provides API access to collected honeypot activity, which also includes aggregated data from various honeypot Twitter feeds.
3. Infosec - CERT-PA is an online repository that contains a malware sample collection and analysis, a blocklist service, a vulnerabilities database and more. Other similar tools include VirusShare, etc.
Feb 3, 2022
Organizations mostly source threat intelligence from third-party providers. Purchasing this service without using the information to proactively protect your network is like buying a book and expecting to learn the information without reading it.
Here are things that can help organizations use threat intelligence more productively.
1. Define what is important: ensure that it's tailored to fit your needs in order to receive the benefit, by receiving applicable content to effectively risk-profile your business.
There is no point in receiving threat information about attacks on SQL database servers if your organization doesn't use that kind of server.
2. Be willing to share: it's common that security information is not shared even within departments or groups, let alone between companies.
Feb 2, 2022
Did you know that cyber threat intelligence is an on-going, circular process or cycle rather than an end-to-end process, as threat actors never stop developing and testing new techniques for their exploitation?
As such, the threat intelligence cycle involves the following steps:
1. Planning and direction: Data requirements must first be defined by deciding what information is needed to make informed decisions in the shortest time. This helps define objectives that are based on evidence gathered, such as the nature of the attack, what was compromised, etc.
2. Collection: Large quantities of raw data are collected from internal and external threat intelligence sources, such as audit logs, IP addresses, physical devices, chat rooms, articles, blogs, etc.
3. Processing: Raw data is filtered, categorized, and organized.
Jan 7, 2022
Today we are going to cover Azure Active Directory.

Azure AD is not simply a cloud version of AD as the name might suggest. Although it performs some of the same functions, it is quite different.

🧵👇
Azure Active Directory is a secure online authentication store, which can contain users and groups. Users have a username and a password which are used when you sign into an application that uses Azure AD for authentication...
...So for example all of the Microsoft Cloud services use Azure AD for authentication: Office 365, Dynamics 365, and Azure. If you have Office 365, you are already using Azure AD under the covers.😉