Introduction

[SecurityAnalyst]

Hi, MT.

I'm a British security analyst, mainly working with various SIEM solutions for an un-named national healthcare provider... I'm keen to understand malware on a more technical level. I'd be happy to hear suggestions on tools and resources!

Looking forward to getting to know you all

SecAn

 

[maximus]

Welcome to MT

 

[Winter Soldier]

Welcome! Enjoy your stay

 

[Rengar]

Welcome, enjoy your stay.

 

[Overlord]

Welcome to MT.

 

[lab34]

Hello, and a big welcome !

 

[frogboy]

Hello and welcome to MalwareTips. I hope you enjoy the forums.

 

[ahity]

welcome to MT! this forum are have much trick you can learn.. love this site

 

[SecurityAnalyst]

Thanks for the warm welcome guys!

 

[BugCode]

Warm welcome to MT buddy

 

[Exterminator]

Welcome to MT Thank you for joining our community!

 

[JM Safe]

Hello, welcome to MalwareTips!

 

[SecurityAnalyst]

So what does everyone do and where? I work in the north of England as a security analyst. I've worked for a couple of huge companies in SIEM focused roles and currently work for a national CERT (you may be able to guess which one by tying this comment with the original posting), essentially getting it off the ground.

 

[lab34]

This sound like a nice job
I'm managing a small performance testing team, in a big company in France.

 

[SecurityAnalyst]

Hey @lab34 - Performance testing sounds like good fun. So are your team effectively trying to break software? My role is quite varied - threat intelligence writing, SIEM investigations, incident management - all round good fun. The recent outbreak of WannaCry across the national health service has highlighted some skill gaps in the team which is why I'm here beginning my journey into malware analysis.

 

[Winter Soldier]

So what does everyone do and where?

In short, I am a programmer of control interfaces (industrial robots), I often work as remote support from my home, but also around the world, sometimes.

 

[ahity]

So what does everyone do and where? I work in the north of England as a security analyst. I've worked for a couple of huge companies in SIEM focused roles and currently work for a national CERT (you may be able to guess which one by tying this comment with the original posting), essentially getting it off the ground.

im just testing malware on my main lalptop (dont have lab computer ) on virtualbox and testing antivirus, its risk. but its better when im not doing anything..
im very newbie i hope i can learn something worth from this forum, maybe about reverse enginering malware or something else about security ..

 

[SecurityAnalyst]

Ah, cool. What are you testing, @ahity ? I've just set up an ESXi server on my LAN with a few OSs. I connect to it from work to test but my testing methods consist of little more than Wireshark and ProcMon - just to gather some quick IOCs. I've just started reading Practical Malware Analysis which I'm finding really useful.

 

[lab34]

Hey @lab34 - Performance testing sounds like good fun. So are your team effectively trying to break software? My role is quite varied - threat intelligence writing, SIEM investigations, incident management - all round good fun. The recent outbreak of WannaCry across the national health service has highlighted some skill gaps in the team which is why I'm here beginning my journey into malware analysis.

Yes, sometimes it breaks
We are doing load tests based on what the dev teams ask us. And sometimes they want to know how far their app/infrastructure can go.
The difficulties begin when they ask why their app is not performant...

 

[Daniel Hidalgo]

Hi and welcome to MT