Getting started with Intezer
Comments
@brenovvstylianoudakis8023 11 days ago
Thank you for sharing the great work.
@tommypham1101 1 month ago
The title is "what is DFIR?" All she did was say the acronym for it. Zero detail or any technical information. ...Not to be rude, but I would rather have someone that is in DFIR explain what it is.
@Hiteshjchaturvedi 2 months ago
GOOD
@andyhickman3509 3 months ago
Note to the curious - According to the pricing page this is not included in the free plan, so if you want to test this you will have to be on the Starter or Complete plans.
@Intezer 3 months ago
Good note, thank you for adding - you can get a free 2-week trial of the Complete plan for testing (longer testing periods are available by request), but after the trial period the Free plan does not include interactive browsing or other advanced features.
@user-ze8hw3yi8c 4 months ago
How about detecting Living off the Land Binaries (an adversary using legitimate binaries existing in the system to perform malicious operations)?
@Intezer 4 months ago
Definitely, our SentinelOne integration is capable of automatically launching Intezer's live endpoint scanner for detecting and investigating memory-based threats like PowerShell, injected code, LotL, etc. We have another video about how Intezer handles memory forensics, and more content about the topic on our blog if you want to learn more about how it works. Btw, I am the marketing person who posts our videos, so I hope I answered your question right :)
@incident_responder 6 months ago
Thanks for the video. Q: where can we find these samples?
@opchannel8141 7 months ago
Man, in 360p I can't see anything.
@julietbeasley4786 7 months ago
Promo_SM 💔
@TalhaAhmedCho 8 months ago
How to activate an Intezer account without a business email?
@CCasyno 8 months ago
Love this, was a good study tool for an InfoSec analyst role interview since I've been out for three months. Just listening pulled me back into the fun day in the life of an analyst. Nice work!
@yashgoldsmith9810 10 months ago
Great dissection of the PDF file from scratch to top, looking for more new videos as well on OneNote, WSF, JAR etc.
@temitopejoshua5675 11 months ago
Hi, nice video. How did you get to the header section?
@andyhickman3509 1 year ago
Using incidents that have been auto-remediated by Defender as examples of Intezer doesn't show its use or value. It just suggests that it is giving more information about things Defender already knows and has handled. Intezer is a great tool for scenarios with rarely or previously unseen executables etc., as it can help seniors make decisions from the malware genetics. Great product, TERRIBLE demonstration.
@abdoo4112 1 year ago
How to get Apple's source server?
@bairammamedov570 1 year ago
So good explanation. But it would have been better if the video quality were higher; some words couldn't be seen clearly. Good luck.
@FergieVlogJM 1 year ago
PLEASE HELP! I have downloaded over 50 pieces of software, most of them from reputable websites/companies, but Intezer analysis has shown that THEY ALL contain malware in the "Strings" section only. All of the software (exe/msi) is detected as "Trusted" BUT when I check the "Strings" section of each program it shows that there's malware inside. Can a file detected as "trusted" still contain malware in the "Strings"???
@FergieVlogJM 1 year ago
That Endpoint Scanner by Intezer has been detected as Malicious in VirusTotal. Plus it matches a YARA rule as a BumbleBee Loader.
@MultiBiggie007 1 year ago
thanks for posting this!
@Intezer 1 year ago
Our pleasure!
@user-um3sy6qj4c 1 year ago
May I know which plugin you installed on VS Code for the .eml file analysis? Thanks
@Intezer 1 year ago
This one: marketplace.visualstudio.com/items?itemName=leighlondon.eml
@steepens 1 year ago
Wow, you deleted my previous comment. I only said that your video was awesome and I had to make some additional mods to the VM so it would run better on my 5-year-old machine. I guess you didn't like that, not sure why. Not everyone has 16 cores and 64 GB RAM, so I thought the info was helpful to your subscribers, but I guess you disagreed. Ok, good luck with your channel.
@GregDaDefender 1 year ago
I am glad y'all posted this!
@GregDaDefender 1 year ago
This is a good interview. I love how Intezer matches the sample, if it's malware, to MITRE ATT&CK.
@satishkumar7359 1 year ago
Awesome
@emiliennekromeich9732 1 year ago
I installed it on my OS instead of my VM and don't know how to uninstall it.
@haciemredasgin2323 1 year ago
Thank you!
@MCSM983 1 year ago
Thanks for posting this!
@KerricTyler 1 year ago
Great video
@FearBoo 1 year ago
Great stuff
@Sway_YT8999 1 year ago
I subbed, good video!
@federicanotini3706 1 year ago
You need to clarify the content.
@ajaysoni-kq5md 1 year ago
That image is too offensive.
@f4agent 1 year ago
Any website to get some phishing mail samples to practice on?
@andhemills 1 year ago
KnowBe4
@diskdoctorprague 1 year ago
Great Video - Thanks! Could you please share the files also?
@ZerosecurityOrg 2 years ago
Great video, thanks!
@chrisbitus1328 2 years ago
Does Intezer Analyze have a light theme? The dark theme hurts the eyes with its dim font color.
@leb23q50 2 years ago
Thanks
@okhosting 2 years ago
Great explanation of PDF analysis, thanks!
@batmanasdasd 2 years ago
I'm 15 and I would like to be in DFIR. Any suggestions? I know JavaScript, Python, some Bash and basic PowerShell.
@alejandrosantacruz5379 1 year ago
Do things that you find interesting. Like hacking? Hack stuff. Like gaming? Build a (Minecraft?) server. Want to learn Git? Start a notebook and save it to Git. Your highest chance of success is persistence. It's tough to be focused if it's not interesting. Whether you're trying to jailbreak a phone, build a hypervisor, a webpage, or a custom app, it's all valuable knowledge that will be relevant as you develop your IT prowess.
@batmanasdasd 9 months ago
Thank you for the insight! @@alejandrosantacruz5379
@x0rZ15t 2 years ago
You guys are awesome!
@Intezer 2 years ago
Thank you 🙏
@x0rZ15t 2 years ago
I've had success with installing FlareVM on Windows 10 21H2. I wasn't able to get it to work on the OVA (IE testing image) you download from Microsoft, so I ended up getting the ISO (also downloadable from the Microsoft website) and installing it once you've installed Windows 10 inside your virtual environment. Here are some tips to save time for anyone starting with FlareVM:
0. Isolate your guest VM from your host OS as much as possible. It's a good idea to have a host OS that is not Windows-based so you won't get into trouble if a sample escapes somehow. Having a separate laptop with a VM hypervisor is even better, but not exactly cheap and/or easy to use.
1. Make sure to take a snapshot once you've installed Windows 10 and deactivated Defender, Firewall, and auto-updates; you can always roll back to it if something goes wrong with the FlareVM installation.
2. It's always a good idea to provide some information within your snapshot "description" field (in VirtualBox for example), like what the username/password of the VM is or any other relevant information. Trust me, documenting things is essential for researchers.
3. Once FlareVM is installed it's also a good idea to take another snapshot (I call it the baseline snapshot) that you can revert to once you've finished analyzing a sample. Take this snapshot of a VM that is still running; this way you save time when restoring to it (no need to boot a VM that is off). And again, make sure to document it thoroughly (like username/passwords, patch date/level, additional tools and tweaks, etc...).
4. It's a nice idea to keep your FlareVM up to date (not Windows 10 updates, mind you). So make sure to take another snapshot(s) once you run: cup all (see the FlareVM documentation for the updating procedure).
5. It's also a good idea to install Office inside your VM so you can get more out of analyzing maldocs. You can preconfigure Outlook and use it without setting up an account just by making an empty text file with the EML extension and trying to open it. Make sure to check the box saying "I want to use Outlook without setting up an email account" or something along those lines.
6. Look into VM cloaking techniques and methods; some samples are quite good at detecting if they're inside a VM. Happy hunting!
@Hartley94 2 years ago
❤.
@remmidy2603 2 years ago
Can a person that's not in a company sign up anyway?
@Intezer 2 years ago
Yes you can: analyze.intezer.com
@nchtblut 1 year ago
@@Intezer "."