All news with #malware analysis tag

Wed, November 5, 2025

Preventing SOC Burnout with Real-Time Analysis and Automation

🛡️ SOC teams can reduce analyst burnout by replacing noisy alerts and manual chores with real-time behavioral context, automation, and integrated threat intelligence. Platforms such as ANY.RUN deliver interactive sandboxing that exposes full attack chains, automates human-like interactions (for example, solving CAPTCHAs and revealing hidden redirects), and pushes verified IOCs directly into SOC workflows. Organizations report up to faster triage, fewer false positives, and a calmer, more resilient security operations center.

Fri, October 10, 2025

Mandiant Academy Basic Static and Dynamic Analysis

🛡️ Mandiant Academy’s new Basic Static and Dynamic Analysis course teaches foundational techniques for safely examining and triaging Windows binaries. The hands-on curriculum combines PE file inspection, metadata and strings extraction, and controlled execution in a provided virtual machine to observe behavior, network activity, and memory artifacts. No advanced programming prerequisites are required, though familiarity with command-line basics, hexadecimal data, and operating system concepts is recommended.

Thu, October 2, 2025

Closing Detection Gaps: A Continuous SOC Workflow Model

🛡️ SOC teams can close persistent detection gaps by adopting a continuous detection workflow that links early threat feeds, interactive sandboxing, and live threat lookups. ANY.RUN survey data shows unified stages deliver faster investigations, clearer triage, and reduced MTTR. Early filtering reduces Tier‑1 noise, sandboxes expose evasive payloads in real time, and threat lookup provides historical context so analysts can validate and act with confidence.

Thu, August 14, 2025

Donut Shellcode: End-to-End Malware Analysis Tutorial

🧩 This Unit 42 tutorial walks analysts through a complete infection chain that uses Donut-generated shellcode, showing how a small position-independent routine computes its own base address via a call/pop/sub pattern and how that base drives payload offsets. The authors use step-by-step static and dynamic analysis with IDA Pro, x64dbg, dnSpy, and ProcessHacker to validate findings. Readers are shown common techniques such as dynamic API resolution, process injection, and AMSI bypass through memory patching, and are directed to a full PDF on the authors' GitHub for the complete walkthrough.

Thu, July 31, 2025

CISA Releases Thorium: Scalable Malware Analysis Platform

🛡️ CISA, in partnership with Sandia National Laboratories, released Thorium, an automated, scalable malware and forensic analysis platform that consolidates commercial, custom, and open-source tools into unified, automated workflows. Thorium is configured to ingest over 10 million files per hour per permission group and schedule more than 1,700 jobs per second, enabling rapid, large-scale binary and artifact analysis while maintaining fast query performance. It scales on Kubernetes with ScyllaDB, supports Dockerized tools and VM/bare-metal integrations, and enforces strict group-based access controls along with tag and full-text filtering for results.