Hello, welcome to the Thursday, May 30th, 2019 edition of the San Antonio Storm Center's Stormcast.

My name is Johannes Ulrich.

I'm recording from San Antonio, Texas.

Xavier today provided a quick write-up in how to do behavioral malware analysis using Microsoft's attack surface analyzer. This tool was

originally released in 2012 but just about a month ago Microsoft did release version

2 of the tool. The idea of the tool is to compare systems before and after you ran the malware and it will

summarize some of the significant changes, like for example, changes to the file system, added

user accounts, services, certificates, network ports, and changes to the registry.

Sure, you can probably come up with other things that you would like to see in this list,

and Microsoft is still actively developing the tool, so they may certainly expand this.

Now, main selling point, of course, it's easy to use, but the one thing that's probably

often overlooked is this

is not just a Windows tool. It also works on Mac OS and Linux. Asksaville explains this is

sort of a pretty neat tool to use in a quick triage of malware. It doesn't give you the complete

picture, but hopefully enough to tell you whether or not it's

worthwhile spending more time analyzing the particular malware sample that you're looking at.

Also up to now Malver is not looking for this tool like many other tools that may change how

Malver behaves. Now this of that may change how malware behaves.

Now, this, of course, may change if more people become familiar with this tool

and if it's more and more used to actually analyze malware.

And if you are using Docker, be aware.

A new vulnerability has been patched in all versions of

...