Wednesday, May 27, 2020


I did not know you could do X, Y, Z with VirusTotal

TL;DR: VirusTotal is hosting an EMEA webinar on June 4th showcasing our advanced threat enrichment and threat hunting capabilities. Register for the webinar; it is free.

“I did not know you could do X, Y, Z with VirusTotal”: this is the most common feedback that we hear from our users whenever we jump on calls, run demos or give a talk at conferences. Our mission is to improve security for billions of users by coordinating and empowering distributed security teams, acting as the nexus of the security industry, and it is with you, our community of users, that we are able to execute on it.

Join our upcoming webinar “Supercharging Your Security Operations with VirusTotal”, where we will run you through a detailed and comprehensive overview of how VirusTotal can step up your security operations, from SOC Level 1 analysts confronted with IoCs for which they have very little context, to advanced threat hunters tracking state-sponsored attacks. Learn how VirusTotal can supercharge your team with regard to:

  • Security threat enrichment
  • Incident response
  • Threat hunting
  • Fraud and brand protection

Specifically, among other things, you will understand how:

  • A SOC level 1 analyst can use static information, crowdsourced metadata and inter-observable relationships generated by VirusTotal in order to confidently act on an alert, even when the pertinent IoC is fully undetected.
  • An incident responder can leverage file similarity search in order to map out an entire threat campaign and generate network IoCs to mitigate a breach or proactively defend his organization.
  • A threat hunter can automatically generate optimal YARA rules to track adversaries and pivot through the dataset to discover their TTPs.
  • A threat intel analyst can pivot over URLs, domains and IPs to burn down threat campaigns not by studying the malware itself, but rather the CnC panels controlling it, and can further such pivoting to uncover a specific threat actor operating a given cybercrime malware family.
  • An ecrime/anti-fraud analyst can leverage network infrastructure searches to study phishing campaigns against a financial institution, and extend those searches into the file corpus in order to identify fraudulent apps impersonating his organization.
  • Everyone can automate all of the above and start thinking about live data enrichment to step up an onion-layered security model and complement the existing security stack.

Knowledge is power: learn how malware operates so you can defend yourself against it.

Stay positive, remain resilient, fight the bad guys.