Mutex Analysis: The Canary in the Coal Mine (and Discovering New Families of Malware?)
June 11, 2011 10:34 am
Advanced Threats, code, forensics, hacked, malware, Malware Analysis, Network Forensics, network forensics, Reverse Engineering, trojan
Part One in a multi-part series on holistic, multi-disciplinary analysis and reversing.
This post is based on a presentation I gave at the last Thotcon, but it was really prompted by a case from a couple of days ago. It is an interesting example of how the same disciplined methodologies used for finding malicious traffic on the network also apply to sophisticated situations on the host. We'll examine those methodologies and that logic on the host by looking at a little app I wrote called LockPick, pictured here and detailed later in this article. As we'll see, mutex analysis is a VERY powerful way of analyzing systems during Incident Response: mutexes can steer the direction of your analysis when other, automated methods fail to do so.
Update 6/21/2011:
This post has been moved to the “Forensics and Reversing” section of the website. I apologize for the inconvenience. Read the full article here.

June 13th, 2011 at 5:19 pm
[...] can read part two of this series here. Posted with permission from the NetWitness Blog. Share and [...]
June 21st, 2011 at 9:03 pm
Gary, I always enjoy your posts, man! So full of resources, and I love how you take the time to go step by step as much as you can. To be honest, I don't care if you have 30 pages... I'll read them. Great talk at Thotcon, btw. I was there.