Comments on Journey Into Incident Response: From Malware Analysis to Portable Clam AV
Corey Harrell
Updated: 2024-03-13T01:32:25.097-04:00

Ken Pryor (2012-09-25T14:06:32.239-04:00):
Another excellent post, Corey. I always learn from your blog, so thanks for sharing!
KP

H. Carvey (2012-09-19T09:25:17.101-04:00):
Ah, okay, so this is where threat intel is important. While not pertinent to your post, it is pertinent to the overall analysis of threats; when a sample is provided for analysis, there needs to be some modicum of intel collected from the host...infection vector, persistence mechanism, etc.

I don't want to detract from your excellent post and take it off-topic, so I'll leave it at that...

Corey Harrell (2012-09-19T07:40:37.802-04:00):
The sample itself didn't create a persistence mechanism. Pretty much all it does is capture data and store it in a log file.

H. Carvey (2012-09-19T07:33:12.834-04:00):
Corey,

What's the persistence mechanism for this? Does it have one?