In this post, an office document, a .doc file with macros, will be analyzed through the static and dynamic analysis of the sample in a controlled environment, in order to identify the actions carried out by the Emotet malware.
With the aim of increasing cybersecurity knowledge, INCIBE-CERT has published a series of webinars in video format, so that, in a light and entertaining way, knowledge and technical aspects of cybersecurity can be expanded in various areas of interest, for both INCIBE-CERT's technical audience and anyone interested in cybersecurity.
Today, it is common to find SIEM deployed in the IT infrastructures of all kinds of organisations, to be able to monitor and analyse security alerts in applications, systems, network devices, etc. However, though time and resources are being invested in industrial environments, it is still unresolved.
The honeypots, the recommended requirements for their correct implementation, the different possible types and their evolution until today, where they are implemented forming a honeynet.
Advances in security within control systems have brought us many of the security tools and services offered in IT for this environment. Until now, protection was based on reactive measures, acting only where there was evidence of the attack, but this trend changed with deployment of monitoring and the proactive defensive actions that this can provide.
Carrying out an intrusion test or vulnerability analysis in a control system can prove complex due to availability. This is where testbeds come into play. They reproduce production environments and can be of great assistance to researchers and security analysts
Traditionally, malware creates files, copies of itself or additional malware that is dropped into different locations of the system it compromises, able to do so with similar names to legitimate files, with the aim of being passed off for as long as possible.
When carrying a forensic analysis for mobile device , bearing in mind first and foremost the phases of acquisition and analysis of the evidence, it is necessary to know a wide range of methods, techniques and tools as well as the criteria necessary for being able to evaluate the suitability of using one versus another.