Automating Forensic Analysis for Linux Endpoints
TL;DR We just released a new version of our popular endpoint scanner for Linux machines, so the Autonomous SOC platform can immediately get you even more of the evidence and comprehensive analysis you need. The automated endpoint scanner for memory forensics is a powerful tool in Intezer and now it’s available for investigating and triaging […]
The State of Malware Analysis
Malware is the thorn in the side of security analysts everywhere. The main question when getting a suspicious file alert is, “Is it malware?”. Analysts employ various techniques and tools to define if a suspicious file is indeed a threat and if it turns out to be true, learn as much as possible about it. […]
How to Detect Cobalt Strike
Cobalt Strike is a penetration testing tool created by Raphael Mudge in 2012. To this day, it remains extremely popular both in red team activities and for malicious purposes by threat actors. Cobalt Strike is popular due to its range of deployment options, ease of use, ability to avoid detection by security products, and the […]
Fast Insights for a Microsoft-Signed Netfilter Rootkit
Automate malware analysis of Netfilter rootkit and other advanced threats. Obtain deep insights without long, manual effort. News broke in June about a malicious Netfilter rootkit signed by Microsoft. This was significant in that Windows machines only run drivers with valid signatures. Since drivers can obtain the maximum level of permissions on a machine, they are gold […]
Reimagining the Malware Analysis Experience
Itai Tevet, CEO of Intezer, shares the company’s vision for a simplified, consolidated malware analysis experience. Since its inception, Intezer has strived to be an innovator in malware analysis. We introduced a new way to analyze malware through genetic code sequencing: identifying code reuse to pinpoint the origins of potential threats rather than running them in […]
Klingon RAT Holding on for Dear Life
With more malware written in Golang than ever before, the threat from Go-based Remote Access Trojans (RATs) has never been higher. Not only has the number of Go malware increased but also the sophistication of these threats. This is a technical analysis of an advanced RAT written in Go that we are calling Klingon RAT. The RAT […]
Accelerate Incident Response with Intezer Analyze Volatility Plugin
Significantly reduce memory forensics time from hours to minutes Memory analysis is a core component of a typical incident response process. In many cases incident related artifacts, such as injected malware code, leave no traces on disk and can only be found in memory. As best practice, the analysis is usually not performed on the target machine’s […]
Revealing the Origins of Software with Genetic Analysis
Nearly all cyber attacks require running code. Regardless of the attack vector, in order for an adversary to create any damage, such as stealing data, installing a backdoor, or deleting sensitive materials, they must run code on a target’s computer or server (in the cloud or on-premise). While traditional anomaly detection solutions can effectively alert us […]
Fileless Malware: Scanning Endpoint Memory with Genetic Analysis
Update January 2023: For the most recent information about our solutions for endpoint forensics and memory analysis, check out this blog. I am excited to announce the launch of a new Endpoint Memory Analysis solution, located within the Intezer Analyze platform. The Endpoint Analysis solution consists of a zero-installation scanner that analyzes every single piece of code […]