Hunting with VirusTotal

Event Information

Location

CyberDefenses, Inc.

1205 Sam Bass Rd. Suite 300

Round Rock, Tx 78681

Description

Hunting VirusTotal

Delivery method: Classroom

Instructor: Monty St John

Requirements: Laptop required | additional

VirusTotal (VT) is best known as a tool that lets a user upload files and URLs and search via a web interface. Students will explore the publicly available aspects of VirusTotal in the first half of the class through a series of labs. The labs will cover different elements that can be hunted for publicly on VT, such as URL strings, DNS geometry, phishing, emails, malware, and so forth.

In the latter half of the class, elements of the private intelligence service will be covered. This includes expansions on the publicly available content, searching its dataset, and how to hunt on VT with YARA.

Course Outline

Introduction

Public VirusTotal

  • URL Reporting
  • DNS Replication Service
  • Files and File Reporting
  • Searching

Private VirusTotal

  • Searching
  • Hunting
  • Retro Hunting
  • Using YARA to hunt

Wrap up and Close

Additional Info:

  • Laptop required
  • Requires basic knowledge of computers, technology and command line interface (CLI)
    • Assume students can open and operate browsers, find and use the command line, execute scripts and open programs
  • Requires knowledge of Linux
  • No prior knowledge of VirusTotal required
  • Understanding of virtual machines (VM) and how to use one
    • Assume students understand how to import and power on a VM

Why this course?

  • The course is designed for those with an interest in using VirusTotal to find malware, understand DNS and its alignment to malware, and perform other common tasks. It conveys the necessary concepts, principles and terms to lay down a solid foundation. If you have that requirement then it will serve your needs well.
  • The course is an introductory class on several tracks CDI offers for the professional starting out.

Who should attend?

  • Individuals new to or desiring a better understanding of how to use VirusTotal.
  • Professionals who deal with technical issues but feel they do not have enough background in using VirusTotal successfully.
  • Technical professionals who need to be armed with greater knowledge of incident response, threat intelligence and their role in resolving incidents.

What’s next?

The following CDI courses are good follow-ups:

  • Intro to Threat Intelligence
  • CHRIME for Threat Intelligence
  • Threat Intelligence Fundamentals