Posts

Showing posts from June, 2013

toolsmith: Visual Malware Analysis with ProcDOT

Prerequisites/dependencies: Process Monitor, GraphViz, Windows or Linux operating system
Introduction

As I write this I’m sitting in the relative darkness of the HolisticInfoSec lab listening to Random Access Memories, the new release from Daft Punk, and literally freaking out over what Time magazine’s Jesse Dorris has glowingly referred to as a “sound for which the word epic seems to have been invented.” Follow me as I step way out on a limb and borrow from Dorris’ fine review to create a musical allegory for this month’s topic, ProcDOT. Dorris describes a “world in which the bounties of the past, present and future have been Tumblr’d together into a stunning data blur.”[1] I will attempt to make this connection with what ProcDOT’s author, CERT.at’s Christian Wojner, refers to as “an absolute must have tool for everyone's lab.” This is a righteous truth, dear reader; those malware analysts amongst you will feast on the scrumptious visual delight that ProcDOT creates. We’ve not discusse…