Capa is designed to identify capabilities within executable files. This versatile tool analyzes various file types—including PE, ELF, .NET modules, shellcode, and sandbox reports—to determine a program’s functionalities, such as operating as a backdoor, installing services, or using HTTP for communication. Capa offers both a command-line interface and a web interface for interactive result inspection. Read More …
Tag: mandiant
Hacker Video – Analyzing Meterpreter with Redline
A victim VM has been deliberately infected with Meterpreter via an IE exploit. The video shows copying over a Redline collector to extract forensic artifacts and save them to network share. The artifacts are then imported to an analysis workstation over sftp and opened in Redline. The analysis starts at the highest malicious score to Read More …